diff --git a/404.html b/404.html index 92e03290f..5067284fc 100644 --- a/404.html +++ b/404.html @@ -12,13 +12,13 @@ - +
Skip to main content
Not Found

Seal-ly us! We can't find that page.

We could not find what you were looking for:   isn't a working link.
The content may have moved;  try a search for it

- + \ No newline at end of file diff --git a/assets/js/3b8c55ea.c37060d7.js b/assets/js/3b8c55ea.c37060d7.js new file mode 100644 index 000000000..96110b2ab --- /dev/null +++ b/assets/js/3b8c55ea.c37060d7.js @@ -0,0 +1 @@ +"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[83217],{3905:(e,n,t)=>{t.d(n,{Zo:()=>d,kt:()=>h});var a=t(67294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},d=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),u=p(t),m=o,h=u["".concat(s,".").concat(m)]||u[m]||c[m]||r;return t?a.createElement(h,i(i({ref:n},d),{},{components:t})):a.createElement(h,i({ref:n},d))}));function h(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l[u]="string"==typeof e?e:o,i[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>i,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>p});var a=t(87462),o=(t(67294),t(3905));const r={title:"Podman Installation"},i="Podman Installation Instructions",l={unversionedId:"installation",id:"installation",title:"Podman Installation",description:"Looking for a GUI? You can find Podman Desktop here.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/docs/installation",draft:!1,editUrl:"https://github.com/containers/podman.io/tree/main/docs/installation.md",tags:[],version:"current",frontMatter:{title:"Podman Installation"},sidebar:"docsSidebar",previous:{title:"Getting Started with Podman",permalink:"/docs/"},next:{title:"Podman Checkpoint",permalink:"/docs/checkpoint"}},s={},p=[{value:"Installing on Mac & Windows",id:"installing-on-mac--windows",level:2},{value:"macOS",id:"macos",level:3},{value:"Windows",id:"windows",level:3},{value:"Installing on Linux",id:"installing-on-linux",level:2},{value:"Linux Distributions",id:"linux-distributions",level:3},{value:"Arch Linux & Manjaro Linux",id:"arch-linux--manjaro-linux",level:4},{value:"Alpine Linux",id:"alpine-linux",level:4},{value:"CentOS",id:"centos",level:4},{value:"Debian",id:"debian",level:4},{value:"Fedora",id:"fedora",level:4},{value:"Fedora CoreOS, Fedora Silverblue",id:"fedora-coreos-fedora-silverblue",level:4},{value:"Gentoo",id:"gentoo",level:4},{value:"OpenEmbedded",id:"openembedded",level:4},{value:"openSUSE",id:"opensuse",level:4},{value:"openSUSE Kubic",id:"opensuse-kubic",level:4},{value:"Raspberry Pi OS arm64 (beta)",id:"raspberry-pi-os-arm64-beta",level:4},{value:"RHEL7",id:"rhel7",level:4},{value:"RHEL8",id:"rhel8",level:4},{value:"Ubuntu",id:"ubuntu",level:4},{value:"Linux Mint",id:"linux-mint",level:4},{value:"Installing development versions of Podman",id:"installing-development-versions-of-podman",level:3},{value:"Fedora",id:"fedora-1",level:4},{value:"Installing bleeding-edge versions of Podman",id:"installing-bleeding-edge-versions-of-podman",level:3},{value:"Installing on FreeBSD 14.0",id:"installing-on-freebsd-140",level:2},{value:"Initial configuration",id:"initial-configuration",level:4},{value:"Networking",id:"networking",level:5},{value:"Storage",id:"storage",level:5},{value:"Verification",id:"verification",level:5},{value:"Linux Emulation",id:"linux-emulation",level:5},{value:"Building from Source",id:"building-from-source",level:2},{value:"Build and Run Dependencies",id:"build-and-run-dependencies",level:3},{value:"Building missing dependencies",id:"building-missing-dependencies",level:3},{value:"golang",id:"golang",level:4},{value:"conmon",id:"conmon",level:4},{value:"crun / runc",id:"crun--runc",level:4},{value:"CNI plugins",id:"cni-plugins",level:4},{value:"Setup CNI networking",id:"setup-cni-networking",level:4},{value:"Add configuration",id:"add-configuration",level:4},{value:"Optional packages",id:"optional-packages",level:4},{value:"Get Source Code",id:"get-source-code",level:3},{value:"Build Tags",id:"build-tags",level:4},{value:"Vendoring - Dependency Management",id:"vendoring---dependency-management",level:3},{value:"Ansible",id:"ansible",level:4},{value:"Configuration files",id:"configuration-files",level:2},{value:"registries.conf",id:"registriesconf",level:3},{value:"Man Page: registries.conf.5",id:"man-page-registriesconf5",level:4},{value:"Example from the Fedora containers-common package",id:"example-from-the-fedora-containers-common-package",level:4},{value:"mounts.conf",id:"mountsconf",level:3},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-1",level:4},{value:"seccomp.json",id:"seccompjson",level:3},{value:"policy.json",id:"policyjson",level:3},{value:"Man Page: policy.json.5",id:"man-page-policyjson5",level:4},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-2",level:4}],d={toc:p},u="wrapper";function c(e){let{components:n,...t}=e;return(0,o.kt)(u,(0,a.Z)({},d,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"podman-installation-instructions"},"Podman Installation Instructions"),(0,o.kt)("p",null,"Looking for a GUI? You can find Podman Desktop ",(0,o.kt)("a",{parentName:"p",href:"https://podman-desktop.io/downloads"},"here"),"."),(0,o.kt)("h2",{id:"installing-on-mac--windows"},"Installing on Mac & Windows"),(0,o.kt)("p",null,'While "containers are Linux," Podman also runs on Mac and Windows, where it\nprovides a native podman CLI and embeds a guest Linux system to launch your\ncontainers. This guest is referred to as a Podman machine and is managed with\nthe ',(0,o.kt)("inlineCode",{parentName:"p"},"podman machine")," command. Podman on Mac and Windows also listens for\nDocker API clients, supporting direct usage of Docker-based tools and\nprogrammatic access from your language of choice."),(0,o.kt)("h3",{id:"macos"},"macOS"),(0,o.kt)("p",null,"On Mac, each Podman machine is backed by a virtual machine.\nOnce installed, the podman command can be run directly from\nthe Unix shell in ",(0,o.kt)("inlineCode",{parentName:"p"},"Terminal"),", where it remotely communicates with the podman\nservice running in the Machine VM."),(0,o.kt)("details",{open:!0},(0,o.kt)("summary",null,"Download Podman Installer (Recommended)"),(0,o.kt)("p",null,"Podman can be downloaded from the ",(0,o.kt)("a",{parentName:"p",href:"https://podman.io"},"Podman.io")," website."),(0,o.kt)("p",null,"We also upload the installers and other binaries on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page"),".")),(0,o.kt)("p",null,"Though not recommended, Podman can also be obtained through Homebrew,\nthe package manager."),(0,o.kt)("details",null,(0,o.kt)("summary",null,"Install via Brew"),(0,o.kt)("p",null,"Since Brew is a community-maintained package manager, we cannot guarantee stability\nof Brew installs of Podman. Thus, installing via Brew is not recommended."),(0,o.kt)("p",null,"However, if you do wish to use Brew, you must first install ",(0,o.kt)("a",{parentName:"p",href:"https://brew.sh/"},"Homebrew"),". Once you\nhave set up brew, you can use the ",(0,o.kt)("inlineCode",{parentName:"p"},"brew install")," command to install Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"brew install podman\n"))),(0,o.kt)("p",null,"After installing, you need to create and start your first Podman machine:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman machine init\npodman machine start\n")),(0,o.kt)("p",null,"You can then verify the installation information using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman info\n")),(0,o.kt)("p",null,"We also provide binaries and a pkginstaller on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page")),(0,o.kt)("h3",{id:"windows"},"Windows"),(0,o.kt)("p",null,"On Windows, each Podman machine is backed by a virtualized Windows Subsystem for\nLinux (WSLv2) distribution. Once installed, the podman command can be run\ndirectly from your Windows PowerShell (or CMD) prompt, where it remotely\ncommunicates with the podman service running in the WSL environment.\nAlternatively, you can access Podman directly from the WSL instance if you\nprefer a Linux prompt and Linux tooling."),(0,o.kt)("p",null,"See the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"Podman for Windows guide")," for setup and usage instructions."),(0,o.kt)("h2",{id:"installing-on-linux"},"Installing on Linux"),(0,o.kt)("h3",{id:"linux-distributions"},"Linux Distributions"),(0,o.kt)("h4",{id:"arch-linux--manjaro-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://www.archlinux.org"},"Arch Linux")," & ",(0,o.kt)("a",{parentName:"h4",href:"https://manjaro.org"},"Manjaro Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo pacman -S podman\n")),(0,o.kt)("p",null,"If you have problems when running Podman in ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/README.md#rootless"},"rootless")," mode follow the instructions ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)"},"here")),(0,o.kt)("p",null,"For more information on Podman on ArchLinux ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/title/Podman"},"click here")),(0,o.kt)("h4",{id:"alpine-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://alpinelinux.org"},"Alpine Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apk add podman\n")),(0,o.kt)("p",null,"For further details, please refer to the instructions on the ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.alpinelinux.org/wiki/Podman"},"Alpine Linux wiki"),"."),(0,o.kt)("h4",{id:"centos"},(0,o.kt)("a",{parentName:"h4",href:"https://www.centos.org"},"CentOS")),(0,o.kt)("p",null,"Podman is available in the default Extras repos for CentOS 7 and in\nthe AppStream repo for CentOS 8 and Stream."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum -y install podman\n")),(0,o.kt)("h4",{id:"debian"},(0,o.kt)("a",{parentName:"h4",href:"https://debian.org"},"Debian")),(0,o.kt)("p",null,"The podman package is available in the Debian 11 (Bullseye) repositories and later."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get -y install podman\n")),(0,o.kt)("h4",{id:"fedora"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"fedora-coreos-fedora-silverblue"},(0,o.kt)("a",{parentName:"h4",href:"https://coreos.fedoraproject.org"},"Fedora CoreOS"),", ",(0,o.kt)("a",{parentName:"h4",href:"https://silverblue.fedoraproject.org"},"Fedora Silverblue")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"gentoo"},(0,o.kt)("a",{parentName:"h4",href:"https://www.gentoo.org"},"Gentoo")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo emerge app-containers/podman\n")),(0,o.kt)("h4",{id:"openembedded"},(0,o.kt)("a",{parentName:"h4",href:"https://www.openembedded.org"},"OpenEmbedded")),(0,o.kt)("p",null,"Bitbake recipes for Podman and its dependencies are available in the\n",(0,o.kt)("a",{parentName:"p",href:"https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/"},"meta-virtualization layer"),".\nAdd the layer to your OpenEmbedded build environment and build Podman using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"bitbake podman\n")),(0,o.kt)("h4",{id:"opensuse"},(0,o.kt)("a",{parentName:"h4",href:"https://www.opensuse.org"},"openSUSE")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper install podman\n")),(0,o.kt)("h4",{id:"opensuse-kubic"},(0,o.kt)("a",{parentName:"h4",href:"https://kubic.opensuse.org"},"openSUSE Kubic")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"raspberry-pi-os-arm64-beta"},(0,o.kt)("a",{parentName:"h4",href:"https://downloads.raspberrypi.org/raspios_arm64/images/"},"Raspberry Pi OS arm64 (beta)")),(0,o.kt)("p",null,"Raspberry Pi OS use the standard Debian repositories,\nso it is fully compatible with Debian's arm64 repository.\nYou can simply follow the ",(0,o.kt)("a",{parentName:"p",href:"#debian"},"steps for Debian")," to install Podman."),(0,o.kt)("h4",{id:"rhel7"},(0,o.kt)("a",{parentName:"h4",href:"https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux"},"RHEL7")),(0,o.kt)("p",null,"Subscribe, then enable Extras channel and install Podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo subscription-manager repos --enable=rhel-7-server-extras-rpms\nsudo yum -y install podman\n")),(0,o.kt)("h4",{id:"rhel8"},(0,o.kt)("a",{parentName:"h4",href:"https://developers.redhat.com/rhel8"},"RHEL8")),(0,o.kt)("p",null,"Podman is included in the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools")," module, along with Buildah and Skopeo."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum module enable -y container-tools:rhel8\nsudo yum module install -y container-tools:rhel8\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:rhel8")," is the fast application stream, containing most recent rolling versions of the tools. Use the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:2.0")," stream for stable versions of Podman 1.6. The command ",(0,o.kt)("inlineCode",{parentName:"p"},"yum module list container-tools")," shows the available streams."),(0,o.kt)("h4",{id:"ubuntu"},(0,o.kt)("a",{parentName:"h4",href:"https://www.ubuntu.com"},"Ubuntu")),(0,o.kt)("p",null,"The podman package is available in the official repositories for Ubuntu 20.10\nand newer."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Ubuntu 20.10 and newer\nsudo apt-get update\nsudo apt-get -y install podman\n")),(0,o.kt)("h4",{id:"linux-mint"},(0,o.kt)("a",{parentName:"h4",href:"https://linuxmint.com"},"Linux Mint")),(0,o.kt)("p",null,"Follow the steps for Ubuntu (or Debian if you use LMDE)."),(0,o.kt)("p",null,"Replace ",(0,o.kt)("inlineCode",{parentName:"p"},"$(lsb_release -rs)")," with ",(0,o.kt)("inlineCode",{parentName:"p"},'$(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2)')," for Ubuntu steps."),(0,o.kt)("h3",{id:"installing-development-versions-of-podman"},"Installing development versions of Podman"),(0,o.kt)("h4",{id:"fedora-1"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("p",null,"You can test the very latest Podman in Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),"\nrepository before it goes out to all Fedora users."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-console"},"sudo dnf update --refresh --enablerepo=updates-testing podman\n")),(0,o.kt)("p",null,"If you use a newer Podman package from Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),", we would\nappreciate your ",(0,o.kt)("inlineCode",{parentName:"p"},"+1")," feedback in ",(0,o.kt)("a",{parentName:"p",href:"https://bodhi.fedoraproject.org/updates/?packages=podman"},"Bodhi, Fedora's update management\nsystem"),"."),(0,o.kt)("h3",{id:"installing-bleeding-edge-versions-of-podman"},"Installing bleeding-edge versions of Podman"),(0,o.kt)("p",null,"If you like danger and are interested in testing the latest\nunreleased bits of Podman on Fedora, CentOS and RHEL, we have a ",(0,o.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"Copr repository"),"."),(0,o.kt)("p",null,"CAUTION: This repository contains rpm builds generated using the ",(0,o.kt)("inlineCode",{parentName:"p"},"main")," branch\nof upstream container tools repositories, and simply CANNOT be recommended for\nany production use."),(0,o.kt)("p",null,"RHEL8 / CentOS 8 Stream users would first need to disable the container-tools\nmodule. All other users can skip this step."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf module disable container-tools -y\n")),(0,o.kt)("p",null,"Enable the Copr and install podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf copr enable rhcontainerbot/podman-next -y\nsudo dnf install podman\n")),(0,o.kt)("h2",{id:"installing-on-freebsd-140"},"Installing on ",(0,o.kt)("a",{parentName:"h2",href:"https://freebsd.org"},"FreeBSD")," 14.0"),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},"[!WARNING]","\nThe FreeBSD port of the Podman container engine is experimental and should be used for evaluation and testing purposes only.")),(0,o.kt)("p",null,"You can install Podman on FreeBSD using ",(0,o.kt)("inlineCode",{parentName:"p"},"pkg"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"pkg install podman\n")),(0,o.kt)("p",null,"There's also a ",(0,o.kt)("inlineCode",{parentName:"p"},"podman-suite")," meta package that will pull additional packages for you (buildah, skopeo)."),(0,o.kt)("h4",{id:"initial-configuration"},"Initial configuration"),(0,o.kt)("p",null,"To properly support Podman's container restart policy, conmon needs ",(0,o.kt)("inlineCode",{parentName:"p"},"fdescfs(5)")," to be mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd"),"."),(0,o.kt)("p",null,"If ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd")," is not already mounted:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"mount -t fdescfs fdesc /dev/fd\n")),(0,o.kt)("p",null,"To make it permanent, add the following line to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/fstab"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"fdesc /dev/fd fdescfs rw 0 0\n")),(0,o.kt)("p",null,"To start Podman after reboot:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"service podman enable\n")),(0,o.kt)("h5",{id:"networking"},"Networking"),(0,o.kt)("p",null,"Container networking relies on NAT to allow container network packets out to the host's network. This requires a PF firewall to perform the translation. A simple example is included - to use it:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf\n")),(0,o.kt)("p",null,"Edit ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf")," and set ",(0,o.kt)("inlineCode",{parentName:"p"},"v4egress_if"),", ",(0,o.kt)("inlineCode",{parentName:"p"},"v6egress_if")," variables to your network interface(s)s"),(0,o.kt)("p",null,"Enable and start ",(0,o.kt)("inlineCode",{parentName:"p"},"pf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"service pf enable\nservice pf start\n")),(0,o.kt)("p",null,"The sample PF configuration includes support for port redirections. These are implemented as redirect rules in anchors nested under cni-rdr."),(0,o.kt)("p",null,"Support for redirecting connections from the container host to services running inside a container is included for FreeBSD 13.3 and later. To enable this, first load the pf kernel module and enable PF support for these redirections using sysctl:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"echo 'pf_load=\"YES\"' >> /boot/loader.conf\nkldload pf\nsysctl net.pf.filter_local=1\necho 'net.pf.filter_local=1' >> /etc/sysctl.conf.local\nservice pf restart\n")),(0,o.kt)("p",null,"Redirect rules will work if the destination address is localhost (e.g. 127.0.0.1 or ::1) - to enable this, the following line must be included in your ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'nat-anchor "cni-rdr/*"\n')),(0,o.kt)("p",null,"if upgrading from an older version, this needs to be added to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),"."),(0,o.kt)("p",null,"For example if host port 1234 is redirected to an http service running in a\ncontainer, you could connect to it using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://$(hostname):1234\n")),(0,o.kt)("p",null,"or"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://localhost:1234\n")),(0,o.kt)("h5",{id:"storage"},"Storage"),(0,o.kt)("p",null,"Container images and related state is stored in ",(0,o.kt)("inlineCode",{parentName:"p"},"/var/db/containers"),". It is recommended to use ZFS for this:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"zfs create -o mountpoint=/var/db/containers zroot/containers\n")),(0,o.kt)("p",null,"If your system cannot use ZFS, change ",(0,o.kt)("inlineCode",{parentName:"p"},"storage.conf")," to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"vfs")," storage driver:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sed -I .bak -e \'s/driver = "zfs"/driver = "vfs"/\' /usr/local/etc/containers/storage.conf\n')),(0,o.kt)("h5",{id:"verification"},"Verification"),(0,o.kt)("p",null,"After following these steps you should be able to run native images:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman run --rm docker.io/dougrabson/hello\n")),(0,o.kt)("h5",{id:"linux-emulation"},"Linux Emulation"),(0,o.kt)("p",null,"It is possible to run many Linux container images using FreeBSD's Linux emulation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo sysrc linux_enable=YES\nsudo service linux start\nsudo podman run --rm --os=linux alpine cat /etc/os-release | head -1\nNAME="Alpine Linux"\n')),(0,o.kt)("h2",{id:"building-from-source"},"Building from Source"),(0,o.kt)("h3",{id:"build-and-run-dependencies"},"Build and Run Dependencies"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Required")),(0,o.kt)("p",null,"On Fedora:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Install build dependencies\nsudo dnf -y builddep rpm/podman.spec\n\n# Install runtime dependencies\nsudo dnf -y install catatonit conmon containers-common-extra\n")),(0,o.kt)("p",null,"On all RHEL and CentOS Stream, first install ",(0,o.kt)("inlineCode",{parentName:"p"},"dnf-builddep"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install 'dnf-command(builddep)'\n")),(0,o.kt)("p",null,"Install build dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# CentOS Stream 8\nsudo dnf -y builddep rpm/podman.spec --enablerepo=powertools\n\n# CentOS Stream 9\nsudo dnf -y builddep rpm/podman.spec --enablerepo=crb\n\n# RHEL (8 and newer)\nsudo dnf -y builddep rpm/podman.spec --enablerepo=codeready-builder-for-rhel-$(rpm --eval %{?rhel})-$(uname -m)-rpms\n")),(0,o.kt)("p",null,"Install runtime dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install \\\n conmon \\\n containers-common \\\n crun \\\n iptables \\\n netavark \\\n nftables \\\n slirp4netns\n")),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get install \\\n btrfs-progs \\\n crun \\\n git \\\n golang-go \\\n go-md2man \\\n iptables \\\n libassuan-dev \\\n libbtrfs-dev \\\n libc6-dev \\\n libdevmapper-dev \\\n libglib2.0-dev \\\n libgpgme-dev \\\n libgpg-error-dev \\\n libprotobuf-dev \\\n libprotobuf-c-dev \\\n libseccomp-dev \\\n libselinux1-dev \\\n libsystemd-dev \\\n netavark \\\n pkg-config \\\n uidmap\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"netavark")," package may not be available on older Debian / Ubuntu\nversions. Install the ",(0,o.kt)("inlineCode",{parentName:"p"},"containernetworking-plugins")," package instead."),(0,o.kt)("p",null,"On openSUSE Leap 15.x and Tumbleweed:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper -n in libseccomp-devel libgpgme-devel\n")),(0,o.kt)("p",null,"On Manjaro (and maybe other Linux distributions):"),(0,o.kt)("p",null,"Make sure that the Linux kernel supports user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"> zgrep CONFIG_USER_NS /proc/config.gz\nCONFIG_USER_NS=y\n\n")),(0,o.kt)("p",null,"If not, please update the kernel.\nFor Manjaro Linux the instructions can be found here:\n",(0,o.kt)("a",{parentName:"p",href:"https://wiki.manjaro.org/index.php/Manjaro_Kernels"},"https://wiki.manjaro.org/index.php/Manjaro_Kernels")),(0,o.kt)("p",null,"After that enable user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"sudo sysctl kernel.unprivileged_userns_clone=1\n")),(0,o.kt)("p",null,"To enable the user namespaces permanently:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf\n")),(0,o.kt)("h3",{id:"building-missing-dependencies"},"Building missing dependencies"),(0,o.kt)("p",null,"If any dependencies cannot be installed or are not sufficiently current, they have to be built from source.\nThis will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs)."),(0,o.kt)("h4",{id:"golang"},"golang"),(0,o.kt)("p",null,"Be careful to double-check that the version of golang is new enough (i.e. ",(0,o.kt)("inlineCode",{parentName:"p"},"go version"),"), as of January 2022 version is 1.16.x or higher is required.\nThe current minimum required version can always be found in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/go.mod"},"go.mod")," file.\nIf needed, golang kits are available at ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/dl/"},"https://golang.org/dl/"),". Alternatively, go can be built from source as follows\n(it's helpful to leave the system-go installed, to avoid having to ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/doc/install/source"},"bootstrap go"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"export GOPATH=~/go\ngit clone https://go.googlesource.com/go $GOPATH\ncd $GOPATH\ncd src\n./all.bash\nexport PATH=$GOPATH/bin:$PATH\n")),(0,o.kt)("h4",{id:"conmon"},"conmon"),(0,o.kt)("p",null,"The latest version of ",(0,o.kt)("inlineCode",{parentName:"p"},"conmon")," is expected to be installed on the system. Conmon is used to monitor OCI Runtimes.\nTo build from source, use the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/conmon\ncd conmon\nexport GOCACHE="$(mktemp -d)"\nmake\nsudo make podman\n')),(0,o.kt)("h4",{id:"crun--runc"},"crun / runc"),(0,o.kt)("p",null,"The latest version of at least one container runtime is expected to be installed on the system. ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are some of the possibilities, and one is picked up as the default runtime by Podman (crun has priority over runc).\nSupported versions of ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are available for example on Ubuntu 22.04.\n",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," version 1.0.0-rc4 is the minimal requirement, which is available since Ubuntu 18.04."),(0,o.kt)("p",null,"To double-check, ",(0,o.kt)("inlineCode",{parentName:"p"},"runc --version")," should produce at least ",(0,o.kt)("inlineCode",{parentName:"p"},"spec: 1.0.1"),", otherwise build your own:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc\ncd $GOPATH/src/github.com/opencontainers/runc\nmake BUILDTAGS="selinux seccomp"\nsudo cp runc /usr/bin/runc\n')),(0,o.kt)("h4",{id:"cni-plugins"},"CNI plugins"),(0,o.kt)("h4",{id:"setup-cni-networking"},"Setup CNI networking"),(0,o.kt)("p",null,"A proper description of setting up CNI networking is given in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/cni/README.md"},(0,o.kt)("inlineCode",{parentName:"a"},"cni")," README"),"."),(0,o.kt)("p",null,"A basic setup for CNI networking is done by default during the installation or make processes and\nno further configuration is needed to start using Podman."),(0,o.kt)("h4",{id:"add-configuration"},"Add configuration"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo mkdir -p /etc/containers\nsudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf\nsudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json\n")),(0,o.kt)("h4",{id:"optional-packages"},"Optional packages"),(0,o.kt)("p",null,"Fedora, CentOS, RHEL, and related distributions:"),(0,o.kt)("p",null,"(no optional packages)"),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"apt-get install -y \\\n libapparmor-dev\n")),(0,o.kt)("h3",{id:"get-source-code"},"Get Source Code"),(0,o.kt)("p",null,"First, ensure that the ",(0,o.kt)("inlineCode",{parentName:"p"},"go version")," that is found first on the $PATH is 1.16.x or higher. Instruction ",(0,o.kt)("a",{parentName:"p",href:"#golang"},"above")," will help you compile newer version of Go if needed. Then we can build Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/podman/\ncd podman\nmake BUILDTAGS="selinux seccomp" PREFIX=/usr\nsudo make install PREFIX=/usr\n')),(0,o.kt)("h4",{id:"build-tags"},"Build Tags"),(0,o.kt)("p",null,"Otherwise, if you do not want to build Podman with seccomp or selinux support you can add ",(0,o.kt)("inlineCode",{parentName:"p"},'BUILDTAGS=""')," when running make."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'make BUILDTAGS=""\nsudo make install\n')),(0,o.kt)("p",null,"Podman supports optional build tags for compiling support of various features.\nTo add build tags to the make option the ",(0,o.kt)("inlineCode",{parentName:"p"},"BUILDTAGS")," variable must be set, for example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"make BUILDTAGS='seccomp apparmor'\n")),(0,o.kt)("table",null,(0,o.kt)("thead",{parentName:"table"},(0,o.kt)("tr",{parentName:"thead"},(0,o.kt)("th",{parentName:"tr",align:null},"Build Tag"),(0,o.kt)("th",{parentName:"tr",align:null},"Feature"),(0,o.kt)("th",{parentName:"tr",align:null},"Dependency"))),(0,o.kt)("tbody",{parentName:"table"},(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"apparmor"),(0,o.kt)("td",{parentName:"tr",align:null},"apparmor support"),(0,o.kt)("td",{parentName:"tr",align:null},"libapparmor")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"libbtrfs")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_devicemapper"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude device-mapper"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"libdm_no_deferred_remove"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude deferred removal in libdm"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"seccomp"),(0,o.kt)("td",{parentName:"tr",align:null},"syscall filtering"),(0,o.kt)("td",{parentName:"tr",align:null},"libseccomp")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"selinux"),(0,o.kt)("td",{parentName:"tr",align:null},"selinux process and mount labeling"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"systemd"),(0,o.kt)("td",{parentName:"tr",align:null},"journald logging"),(0,o.kt)("td",{parentName:"tr",align:null},"libsystemd")))),(0,o.kt)("p",null,"Note that Podman does not officially support device-mapper. Thus, the ",(0,o.kt)("inlineCode",{parentName:"p"},"exclude_graphdriver_devicemapper")," tag is mandatory."),(0,o.kt)("h3",{id:"vendoring---dependency-management"},"Vendoring - Dependency Management"),(0,o.kt)("p",null,"This project is using ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/golang/go/wiki/Modules"},"go modules")," for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run ",(0,o.kt)("inlineCode",{parentName:"p"},"make vendor")," to synchronize the code with the go module and repopulate the ",(0,o.kt)("inlineCode",{parentName:"p"},"./vendor")," directory."),(0,o.kt)("h4",{id:"ansible"},"Ansible"),(0,o.kt)("p",null,"An ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/alvistack/ansible-role-podman"},"Ansible Role")," is\nalso available to automate the installation of the above statically\nlinked binary on its supported OS:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo su -\nmkdir -p ~/.ansible/roles\ncd ~/.ansible/roles\ngit clone https://github.com/alvistack/ansible-role-podman.git podman\ncd ~/.ansible/roles/podman\npip3 install --upgrade --ignore-installed --requirement requirements.txt\nmolecule converge\nmolecule verify\n")),(0,o.kt)("h2",{id:"configuration-files"},"Configuration files"),(0,o.kt)("h3",{id:"registriesconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/registries.conf"},"registries.conf")),(0,o.kt)("h4",{id:"man-page-registriesconf5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md"},"registries.conf.5")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/registries.conf")),(0,o.kt)("p",null,"registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'$ cat /etc/containers/registries.conf\n# For more information on this configuration file, see containers-registries.conf(5).\n#\n# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES\n# We recommend always using fully qualified image names including the registry\n# server (full dns name), namespace, image name, and tag\n# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,\n# quay.io/repository/name@digest) further eliminates the ambiguity of tags.\n# When using short names, there is always an inherent risk that the image being\n# pulled could be spoofed. For example, a user wants to pull an image named\n# `foobar` from a registry and expects it to come from myregistry.com. If\n# myregistry.com is not first in the search list, an attacker could place a\n# different `foobar` image at a registry earlier in the search list. The user\n# would accidentally pull and run the attacker\'s image and code rather than the\n# intended content. We recommend only adding registries which are completely\n# trusted (i.e., registries which don\'t allow unknown or anonymous users to\n# create accounts with arbitrary names). This will prevent an image from being\n# spoofed, squatted or otherwise made insecure. If it is necessary to use one\n# of these registries, it should be added at the end of the list.\n#\n# # An array of host[:port] registries to try when pulling an unqualified image, in order.\nunqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]\n#\n# [[registry]]\n# # The "prefix" field is used to choose the relevant [[registry]] TOML table;\n# # (only) the TOML table with the longest match for the input image name\n# # (taking into account namespace/repo/tag/digest separators) is used.\n# #\n# # If the prefix field is missing, it defaults to be the same as the "location" field.\n# prefix = "example.com/foo"\n#\n# # If true, unencrypted HTTP as well as TLS connections with untrusted\n# # certificates are allowed.\n# insecure = false\n#\n# # If true, pulling images with matching names is forbidden.\n# blocked = false\n#\n# # The physical location of the "prefix"-rooted namespace.\n# #\n# # By default, this equal to "prefix" (in which case "prefix" can be omitted\n# # and the [[registry]] TOML table can only specify "location").\n# #\n# # Example: Given\n# # prefix = "example.com/foo"\n# # location = "internal-registry-for-example.net/bar"\n# # requests for the image example.com/foo/myimage:latest will actually work with the\n# # internal-registry-for-example.net/bar/myimage:latest image.\n# location = "internal-registry-for-example.com/bar"\n#\n# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.\n# #\n# # The mirrors are attempted in the specified order; the first one that can be\n# # contacted and contains the image will be used (and if none of the mirrors contains the image,\n# # the primary location specified by the "registry.location" field, or using the unmodified\n# # user-specified reference, is tried last).\n# #\n# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics\n# # as if specified in the [[registry]] TOML table directly:\n# # - location\n# # - insecure\n# [[registry.mirror]]\n# location = "example-mirror-0.local/mirror-for-foo"\n# [[registry.mirror]]\n# location = "example-mirror-1.local/mirrors/foo"\n# insecure = true\n# # Given the above, a pull of example.com/foo/image:latest will try:\n# # 1. example-mirror-0.local/mirror-for-foo/image:latest\n# # 2. example-mirror-1.local/mirrors/foo/image:latest\n# # 3. internal-registry-for-example.net/bar/image:latest\n# # in order, and use the first one that exists.\n#\n# short-name-mode="enforcing"\n\n[[registry]]\nlocation="localhost:5000"\ninsecure=true\n')),(0,o.kt)("h3",{id:"mountsconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/mounts.conf"},"mounts.conf")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/mounts.conf")," and optionally ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/mounts.conf")),(0,o.kt)("p",null,"The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the ",(0,o.kt)("inlineCode",{parentName:"p"},"podman run")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"podman build")," commands. Container process can then use this content. The volume mount content does not get committed to the final image."),(0,o.kt)("p",null,"Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories."),(0,o.kt)("p",null,'For example, a mounts.conf with the line "',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets:/run/secrets"),'", the content of ',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets")," directory is mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/run/secrets")," inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container."),(0,o.kt)("p",null,"Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-1"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"cat /usr/share/containers/mounts.conf\n/usr/share/rhel/secrets:/run/secrets\n")),(0,o.kt)("h3",{id:"seccompjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/seccomp.json"},"seccomp.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/seccomp.json")),(0,o.kt)("p",null,"seccomp.json contains the whitelist of seccomp rules to be allowed inside of\ncontainers. This file is usually provided by the containers-common package."),(0,o.kt)("p",null,"The link above takes you to the seccomp.json"),(0,o.kt)("h3",{id:"policyjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/default-policy.json"},"policy.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/policy.json")),(0,o.kt)("h4",{id:"man-page-policyjson5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md"},"policy.json.5")),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-2"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'cat /etc/containers/policy.json\n{\n "default": [\n {\n "type": "insecureAcceptAnything"\n }\n ],\n "transports":\n {\n "docker-daemon":\n {\n "": [{"type":"insecureAcceptAnything"}]\n }\n }\n}\n')))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/3b8c55ea.d9ceb584.js b/assets/js/3b8c55ea.d9ceb584.js deleted file mode 100644 index 41c954ae8..000000000 --- a/assets/js/3b8c55ea.d9ceb584.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[83217],{3905:(e,n,t)=>{t.d(n,{Zo:()=>d,kt:()=>h});var a=t(67294);function o(e,n,t){return n in e?Object.defineProperty(e,n,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[n]=t,e}function r(e,n){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);n&&(a=a.filter((function(n){return Object.getOwnPropertyDescriptor(e,n).enumerable}))),t.push.apply(t,a)}return t}function i(e){for(var n=1;n=0||(o[t]=e[t]);return o}(e,n);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,t)&&(o[t]=e[t])}return o}var s=a.createContext({}),p=function(e){var n=a.useContext(s),t=n;return e&&(t="function"==typeof e?e(n):i(i({},n),e)),t},d=function(e){var n=p(e.components);return a.createElement(s.Provider,{value:n},e.children)},u="mdxType",c={inlineCode:"code",wrapper:function(e){var n=e.children;return a.createElement(a.Fragment,{},n)}},m=a.forwardRef((function(e,n){var t=e.components,o=e.mdxType,r=e.originalType,s=e.parentName,d=l(e,["components","mdxType","originalType","parentName"]),u=p(t),m=o,h=u["".concat(s,".").concat(m)]||u[m]||c[m]||r;return t?a.createElement(h,i(i({ref:n},d),{},{components:t})):a.createElement(h,i({ref:n},d))}));function h(e,n){var t=arguments,o=n&&n.mdxType;if("string"==typeof e||o){var r=t.length,i=new Array(r);i[0]=m;var l={};for(var s in n)hasOwnProperty.call(n,s)&&(l[s]=n[s]);l.originalType=e,l[u]="string"==typeof e?e:o,i[1]=l;for(var p=2;p{t.r(n),t.d(n,{assets:()=>s,contentTitle:()=>i,default:()=>c,frontMatter:()=>r,metadata:()=>l,toc:()=>p});var a=t(87462),o=(t(67294),t(3905));const r={title:"Podman Installation"},i="Podman Installation Instructions",l={unversionedId:"installation",id:"installation",title:"Podman Installation",description:"Looking for a GUI? You can find Podman Desktop here.",source:"@site/docs/installation.md",sourceDirName:".",slug:"/installation",permalink:"/docs/installation",draft:!1,editUrl:"https://github.com/containers/podman.io/tree/main/docs/installation.md",tags:[],version:"current",frontMatter:{title:"Podman Installation"},sidebar:"docsSidebar",previous:{title:"Getting Started with Podman",permalink:"/docs/"},next:{title:"Podman Checkpoint",permalink:"/docs/checkpoint"}},s={},p=[{value:"Installing on Mac & Windows",id:"installing-on-mac--windows",level:2},{value:"macOS",id:"macos",level:3},{value:"Windows",id:"windows",level:3},{value:"Installing on Linux",id:"installing-on-linux",level:2},{value:"Linux Distributions",id:"linux-distributions",level:3},{value:"Arch Linux & Manjaro Linux",id:"arch-linux--manjaro-linux",level:4},{value:"Alpine Linux",id:"alpine-linux",level:4},{value:"CentOS",id:"centos",level:4},{value:"Debian",id:"debian",level:4},{value:"Fedora",id:"fedora",level:4},{value:"Fedora CoreOS, Fedora Silverblue",id:"fedora-coreos-fedora-silverblue",level:4},{value:"Gentoo",id:"gentoo",level:4},{value:"OpenEmbedded",id:"openembedded",level:4},{value:"openSUSE",id:"opensuse",level:4},{value:"openSUSE Kubic",id:"opensuse-kubic",level:4},{value:"Raspberry Pi OS arm64 (beta)",id:"raspberry-pi-os-arm64-beta",level:4},{value:"RHEL7",id:"rhel7",level:4},{value:"RHEL8",id:"rhel8",level:4},{value:"Ubuntu",id:"ubuntu",level:4},{value:"Linux Mint",id:"linux-mint",level:4},{value:"Installing development versions of Podman",id:"installing-development-versions-of-podman",level:3},{value:"Fedora",id:"fedora-1",level:4},{value:"Installing bleeding-edge versions of Podman",id:"installing-bleeding-edge-versions-of-podman",level:3},{value:"Installing on FreeBSD 14.0",id:"installing-on-freebsd-140",level:2},{value:"Initial configuration",id:"initial-configuration",level:4},{value:"Networking",id:"networking",level:5},{value:"Storage",id:"storage",level:5},{value:"Verification",id:"verification",level:5},{value:"Linux Emulation",id:"linux-emulation",level:5},{value:"Building from Source",id:"building-from-source",level:2},{value:"Build and Run Dependencies",id:"build-and-run-dependencies",level:3},{value:"Building missing dependencies",id:"building-missing-dependencies",level:3},{value:"golang",id:"golang",level:4},{value:"conmon",id:"conmon",level:4},{value:"crun / runc",id:"crun--runc",level:4},{value:"CNI plugins",id:"cni-plugins",level:4},{value:"Setup CNI networking",id:"setup-cni-networking",level:4},{value:"Add configuration",id:"add-configuration",level:4},{value:"Optional packages",id:"optional-packages",level:4},{value:"Get Source Code",id:"get-source-code",level:3},{value:"Build Tags",id:"build-tags",level:4},{value:"Vendoring - Dependency Management",id:"vendoring---dependency-management",level:3},{value:"Ansible",id:"ansible",level:4},{value:"Configuration files",id:"configuration-files",level:2},{value:"registries.conf",id:"registriesconf",level:3},{value:"Man Page: registries.conf.5",id:"man-page-registriesconf5",level:4},{value:"Example from the Fedora containers-common package",id:"example-from-the-fedora-containers-common-package",level:4},{value:"mounts.conf",id:"mountsconf",level:3},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-1",level:4},{value:"seccomp.json",id:"seccompjson",level:3},{value:"policy.json",id:"policyjson",level:3},{value:"Man Page: policy.json.5",id:"man-page-policyjson5",level:4},{value:"Example from the Fedora containers-common package:",id:"example-from-the-fedora-containers-common-package-2",level:4}],d={toc:p},u="wrapper";function c(e){let{components:n,...t}=e;return(0,o.kt)(u,(0,a.Z)({},d,t,{components:n,mdxType:"MDXLayout"}),(0,o.kt)("h1",{id:"podman-installation-instructions"},"Podman Installation Instructions"),(0,o.kt)("p",null,"Looking for a GUI? You can find Podman Desktop ",(0,o.kt)("a",{parentName:"p",href:"https://podman-desktop.io/downloads"},"here"),"."),(0,o.kt)("h2",{id:"installing-on-mac--windows"},"Installing on Mac & Windows"),(0,o.kt)("p",null,'While "containers are Linux," Podman also runs on Mac and Windows, where it\nprovides a native podman CLI and embeds a guest Linux system to launch your\ncontainers. This guest is referred to as a Podman machine and is managed with\nthe ',(0,o.kt)("inlineCode",{parentName:"p"},"podman machine")," command. Podman on Mac and Windows also listens for\nDocker API clients, supporting direct usage of Docker-based tools and\nprogrammatic access from your language of choice."),(0,o.kt)("h3",{id:"macos"},"macOS"),(0,o.kt)("p",null,"On Mac, each Podman machine is backed by a virtual machine.\nOnce installed, the podman command can be run directly from\nthe Unix shell in ",(0,o.kt)("inlineCode",{parentName:"p"},"Terminal"),", where it remotely communicates with the podman\nservice running in the Machine VM."),(0,o.kt)("details",{open:!0},(0,o.kt)("summary",null,"Download Podman Installer (Recommended)"),(0,o.kt)("p",null,"Podman can be downloaded from the ",(0,o.kt)("a",{parentName:"p",href:"https://podman.io"},"Podman.io")," website."),(0,o.kt)("p",null,"We also upload the installers and other binaries on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page"),".")),(0,o.kt)("p",null,"Though not recommended, Podman can also be obtained through Homebrew,\nthe package manager."),(0,o.kt)("details",null,(0,o.kt)("summary",null,"Install via Brew"),(0,o.kt)("p",null,"Since Brew is a community-maintained package manager, we cannot guarantee stability\nof Brew installs of Podman. Thus, installing via Brew is not recommended."),(0,o.kt)("p",null,"However, if you do wish to use Brew, you must first install ",(0,o.kt)("a",{parentName:"p",href:"https://brew.sh/"},"Homebrew"),". Once you\nhave set up brew, you can use the ",(0,o.kt)("inlineCode",{parentName:"p"},"brew install")," command to install Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"brew install podman\n"))),(0,o.kt)("p",null,"After installing, you need to create and start your first Podman machine:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman machine init\npodman machine start\n")),(0,o.kt)("p",null,"You can then verify the installation information using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman info\n")),(0,o.kt)("p",null,"We also provide binaries and a pkginstaller on our ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases"},"Github release page")),(0,o.kt)("h3",{id:"windows"},"Windows"),(0,o.kt)("p",null,"On Windows, each Podman machine is backed by a virtualized Windows Subsystem for\nLinux (WSLv2) distribution. Once installed, the podman command can be run\ndirectly from your Windows PowerShell (or CMD) prompt, where it remotely\ncommunicates with the podman service running in the WSL environment.\nAlternatively, you can access Podman directly from the WSL instance if you\nprefer a Linux prompt and Linux tooling."),(0,o.kt)("p",null,"See the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"Podman for Windows guide")," for setup and usage instructions."),(0,o.kt)("h2",{id:"installing-on-linux"},"Installing on Linux"),(0,o.kt)("h3",{id:"linux-distributions"},"Linux Distributions"),(0,o.kt)("h4",{id:"arch-linux--manjaro-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://www.archlinux.org"},"Arch Linux")," & ",(0,o.kt)("a",{parentName:"h4",href:"https://manjaro.org"},"Manjaro Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo pacman -S podman\n")),(0,o.kt)("p",null,"If you have problems when running Podman in ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/README.md#rootless"},"rootless")," mode follow the instructions ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)"},"here")),(0,o.kt)("p",null,"For more information on Podman on ArchLinux ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.archlinux.org/title/Podman"},"click here")),(0,o.kt)("h4",{id:"alpine-linux"},(0,o.kt)("a",{parentName:"h4",href:"https://alpinelinux.org"},"Alpine Linux")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apk add podman\n")),(0,o.kt)("p",null,"For further details, please refer to the instructions on the ",(0,o.kt)("a",{parentName:"p",href:"https://wiki.alpinelinux.org/wiki/Podman"},"Alpine Linux wiki"),"."),(0,o.kt)("h4",{id:"centos"},(0,o.kt)("a",{parentName:"h4",href:"https://www.centos.org"},"CentOS")),(0,o.kt)("p",null,"Podman is available in the default Extras repos for CentOS 7 and in\nthe AppStream repo for CentOS 8 and Stream."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum -y install podman\n")),(0,o.kt)("h4",{id:"debian"},(0,o.kt)("a",{parentName:"h4",href:"https://debian.org"},"Debian")),(0,o.kt)("p",null,"The podman package is available in the Debian 11 (Bullseye) repositories and later."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get -y install podman\n")),(0,o.kt)("p",null,"If you would prefer newer (though not as well-tested) packages including RC\nversions, the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project"),"\nprovides packages for Debian Testing and Unstable.\nCheckout the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project page"),"\nfor a list of supported Debian versions and\narchitecture combinations. ",(0,o.kt)("strong",{parentName:"p"},"NOTE:")," The command ",(0,o.kt)("inlineCode",{parentName:"p"},"sudo apt-get -y upgrade"),"\nmay be required in some cases if Podman cannot be installed without it.\nThe Kubic packages are built using ",(0,o.kt)("a",{parentName:"p",href:"https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec"},"Fedora's packaging\nsources"),"."),(0,o.kt)("p",null,"CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we also highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo\nOR the official Debian repos. Mixing and matching may lead to unpredictable situations including installation conflicts."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo mkdir -p /etc/apt/keyrings\n\n# Debian Testing/Bookworm\ncurl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/Release.key \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\n\n# Debian Unstable/Sid\ncurl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/Release.key \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\n\n# Install Podman\nsudo apt-get update\nsudo apt-get -y upgrade\nsudo apt-get -y install podman\n')),(0,o.kt)("h4",{id:"fedora"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install podman\n")),(0,o.kt)("h4",{id:"fedora-coreos-fedora-silverblue"},(0,o.kt)("a",{parentName:"h4",href:"https://coreos.fedoraproject.org"},"Fedora CoreOS"),", ",(0,o.kt)("a",{parentName:"h4",href:"https://silverblue.fedoraproject.org"},"Fedora Silverblue")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"gentoo"},(0,o.kt)("a",{parentName:"h4",href:"https://www.gentoo.org"},"Gentoo")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo emerge app-containers/podman\n")),(0,o.kt)("h4",{id:"openembedded"},(0,o.kt)("a",{parentName:"h4",href:"https://www.openembedded.org"},"OpenEmbedded")),(0,o.kt)("p",null,"Bitbake recipes for Podman and its dependencies are available in the\n",(0,o.kt)("a",{parentName:"p",href:"https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/"},"meta-virtualization layer"),".\nAdd the layer to your OpenEmbedded build environment and build Podman using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"bitbake podman\n")),(0,o.kt)("h4",{id:"opensuse"},(0,o.kt)("a",{parentName:"h4",href:"https://www.opensuse.org"},"openSUSE")),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper install podman\n")),(0,o.kt)("h4",{id:"opensuse-kubic"},(0,o.kt)("a",{parentName:"h4",href:"https://kubic.opensuse.org"},"openSUSE Kubic")),(0,o.kt)("p",null,"Built-in, no need to install"),(0,o.kt)("h4",{id:"raspberry-pi-os-arm64-beta"},(0,o.kt)("a",{parentName:"h4",href:"https://downloads.raspberrypi.org/raspios_arm64/images/"},"Raspberry Pi OS arm64 (beta)")),(0,o.kt)("p",null,"Raspberry Pi OS use the standard Debian repositories,\nso it is fully compatible with Debian's arm64 repository.\nYou can simply follow the ",(0,o.kt)("a",{parentName:"p",href:"#debian"},"steps for Debian")," to install Podman."),(0,o.kt)("h4",{id:"rhel7"},(0,o.kt)("a",{parentName:"h4",href:"https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux"},"RHEL7")),(0,o.kt)("p",null,"Subscribe, then enable Extras channel and install Podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo subscription-manager repos --enable=rhel-7-server-extras-rpms\nsudo yum -y install podman\n")),(0,o.kt)("h4",{id:"rhel8"},(0,o.kt)("a",{parentName:"h4",href:"https://developers.redhat.com/rhel8"},"RHEL8")),(0,o.kt)("p",null,"Podman is included in the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools")," module, along with Buildah and Skopeo."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo yum module enable -y container-tools:rhel8\nsudo yum module install -y container-tools:rhel8\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:rhel8")," is the fast application stream, containing most recent rolling versions of the tools. Use the ",(0,o.kt)("inlineCode",{parentName:"p"},"container-tools:2.0")," stream for stable versions of Podman 1.6. The command ",(0,o.kt)("inlineCode",{parentName:"p"},"yum module list container-tools")," shows the available streams."),(0,o.kt)("h4",{id:"ubuntu"},(0,o.kt)("a",{parentName:"h4",href:"https://www.ubuntu.com"},"Ubuntu")),(0,o.kt)("p",null,"The podman package is available in the official repositories for Ubuntu 20.10\nand newer."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Ubuntu 20.10 and newer\nsudo apt-get update\nsudo apt-get -y install podman\n")),(0,o.kt)("p",null,"If you would prefer newer (though not as well-tested) packages including RC\nversions, the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project"),"\nprovides packages for the latest Ubuntu versions.\nCheckout the ",(0,o.kt)("a",{parentName:"p",href:"https://build.opensuse.org/package/show/devel:kubic:libcontainers:unstable/podman"},"Kubic project page"),"\nfor a list of supported Ubuntu versions and\narchitecture combinations. ",(0,o.kt)("strong",{parentName:"p"},"NOTE:")," The command ",(0,o.kt)("inlineCode",{parentName:"p"},"sudo apt-get -y upgrade"),"\nmaybe required in some cases if Podman cannot be installed without it.\nThe Kubic packages are built using ",(0,o.kt)("a",{parentName:"p",href:"https://src.fedoraproject.org/rpms/podman/blob/rawhide/f/podman.spec"},"Fedora's packaging\nsources"),"."),(0,o.kt)("p",null,"CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo\nOR the official Ubuntu repos. Mixing and matching may lead to unpredictable situations including installation conflicts."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo mkdir -p /etc/apt/keyrings\ncurl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key" \\\n | gpg --dearmor \\\n | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null\necho \\\n "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\\\n https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \\\n | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null\nsudo apt-get update -qq\nsudo apt-get -qq -y install podman\n')),(0,o.kt)("h4",{id:"linux-mint"},(0,o.kt)("a",{parentName:"h4",href:"https://linuxmint.com"},"Linux Mint")),(0,o.kt)("p",null,"Follow the steps for Ubuntu (or Debian if you use LMDE)."),(0,o.kt)("p",null,"Replace ",(0,o.kt)("inlineCode",{parentName:"p"},"$(lsb_release -rs)")," with ",(0,o.kt)("inlineCode",{parentName:"p"},'$(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2)')," for Ubuntu steps."),(0,o.kt)("h3",{id:"installing-development-versions-of-podman"},"Installing development versions of Podman"),(0,o.kt)("h4",{id:"fedora-1"},(0,o.kt)("a",{parentName:"h4",href:"https://getfedora.org"},"Fedora")),(0,o.kt)("p",null,"You can test the very latest Podman in Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),"\nrepository before it goes out to all Fedora users."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-console"},"sudo dnf update --refresh --enablerepo=updates-testing podman\n")),(0,o.kt)("p",null,"If you use a newer Podman package from Fedora's ",(0,o.kt)("inlineCode",{parentName:"p"},"updates-testing"),", we would\nappreciate your ",(0,o.kt)("inlineCode",{parentName:"p"},"+1")," feedback in ",(0,o.kt)("a",{parentName:"p",href:"https://bodhi.fedoraproject.org/updates/?packages=podman"},"Bodhi, Fedora's update management\nsystem"),"."),(0,o.kt)("h3",{id:"installing-bleeding-edge-versions-of-podman"},"Installing bleeding-edge versions of Podman"),(0,o.kt)("p",null,"If you like danger and are interested in testing the latest\nunreleased bits of Podman on Fedora, CentOS and RHEL, we have a ",(0,o.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"Copr repository"),"."),(0,o.kt)("p",null,"CAUTION: This repository contains rpm builds generated using the ",(0,o.kt)("inlineCode",{parentName:"p"},"main")," branch\nof upstream container tools repositories, and simply CANNOT be recommended for\nany production use."),(0,o.kt)("p",null,"RHEL8 / CentOS 8 Stream users would first need to disable the container-tools\nmodule. All other users can skip this step."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf module disable container-tools -y\n")),(0,o.kt)("p",null,"Enable the Copr and install podman."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf copr enable rhcontainerbot/podman-next -y\nsudo dnf install podman\n")),(0,o.kt)("h2",{id:"installing-on-freebsd-140"},"Installing on ",(0,o.kt)("a",{parentName:"h2",href:"https://freebsd.org"},"FreeBSD")," 14.0"),(0,o.kt)("blockquote",null,(0,o.kt)("p",{parentName:"blockquote"},"[!WARNING]","\nThe FreeBSD port of the Podman container engine is experimental and should be used for evaluation and testing purposes only.")),(0,o.kt)("p",null,"You can install Podman on FreeBSD using ",(0,o.kt)("inlineCode",{parentName:"p"},"pkg"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"pkg install podman\n")),(0,o.kt)("p",null,"There's also a ",(0,o.kt)("inlineCode",{parentName:"p"},"podman-suite")," meta package that will pull additional packages for you (buildah, skopeo)."),(0,o.kt)("h4",{id:"initial-configuration"},"Initial configuration"),(0,o.kt)("p",null,"To properly support Podman's container restart policy, conmon needs ",(0,o.kt)("inlineCode",{parentName:"p"},"fdescfs(5)")," to be mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd"),"."),(0,o.kt)("p",null,"If ",(0,o.kt)("inlineCode",{parentName:"p"},"/dev/fd")," is not already mounted:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"mount -t fdescfs fdesc /dev/fd\n")),(0,o.kt)("p",null,"To make it permanent, add the following line to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/fstab"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"fdesc /dev/fd fdescfs rw 0 0\n")),(0,o.kt)("p",null,"To start Podman after reboot:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"service podman enable\n")),(0,o.kt)("h5",{id:"networking"},"Networking"),(0,o.kt)("p",null,"Container networking relies on NAT to allow container network packets out to the host's network. This requires a PF firewall to perform the translation. A simple example is included - to use it:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf\n")),(0,o.kt)("p",null,"Edit ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf")," and set ",(0,o.kt)("inlineCode",{parentName:"p"},"v4egress_if"),", ",(0,o.kt)("inlineCode",{parentName:"p"},"v6egress_if")," variables to your network interface(s)s"),(0,o.kt)("p",null,"Enable and start ",(0,o.kt)("inlineCode",{parentName:"p"},"pf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"service pf enable\nservice pf start\n")),(0,o.kt)("p",null,"The sample PF configuration includes support for port redirections. These are implemented as redirect rules in anchors nested under cni-rdr."),(0,o.kt)("p",null,"Support for redirecting connections from the container host to services running inside a container is included for FreeBSD 13.3 and later. To enable this, first load the pf kernel module and enable PF support for these redirections using sysctl:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"echo 'pf_load=\"YES\"' >> /boot/loader.conf\nkldload pf\nsysctl net.pf.filter_local=1\necho 'net.pf.filter_local=1' >> /etc/sysctl.conf.local\nservice pf restart\n")),(0,o.kt)("p",null,"Redirect rules will work if the destination address is localhost (e.g. 127.0.0.1 or ::1) - to enable this, the following line must be included in your ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'nat-anchor "cni-rdr/*"\n')),(0,o.kt)("p",null,"if upgrading from an older version, this needs to be added to ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/pf.conf"),"."),(0,o.kt)("p",null,"For example if host port 1234 is redirected to an http service running in a\ncontainer, you could connect to it using:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://$(hostname):1234\n")),(0,o.kt)("p",null,"or"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"fetch -o- http://localhost:1234\n")),(0,o.kt)("h5",{id:"storage"},"Storage"),(0,o.kt)("p",null,"Container images and related state is stored in ",(0,o.kt)("inlineCode",{parentName:"p"},"/var/db/containers"),". It is recommended to use ZFS for this:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"zfs create -o mountpoint=/var/db/containers zroot/containers\n")),(0,o.kt)("p",null,"If your system cannot use ZFS, change ",(0,o.kt)("inlineCode",{parentName:"p"},"storage.conf")," to use the ",(0,o.kt)("inlineCode",{parentName:"p"},"vfs")," storage driver:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sed -I .bak -e \'s/driver = "zfs"/driver = "vfs"/\' /usr/local/etc/containers/storage.conf\n')),(0,o.kt)("h5",{id:"verification"},"Verification"),(0,o.kt)("p",null,"After following these steps you should be able to run native images:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"podman run --rm docker.io/dougrabson/hello\n")),(0,o.kt)("h5",{id:"linux-emulation"},"Linux Emulation"),(0,o.kt)("p",null,"It is possible to run many Linux container images using FreeBSD's Linux emulation:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'sudo sysrc linux_enable=YES\nsudo service linux start\nsudo podman run --rm --os=linux alpine cat /etc/os-release | head -1\nNAME="Alpine Linux"\n')),(0,o.kt)("h2",{id:"building-from-source"},"Building from Source"),(0,o.kt)("h3",{id:"build-and-run-dependencies"},"Build and Run Dependencies"),(0,o.kt)("p",null,(0,o.kt)("strong",{parentName:"p"},"Required")),(0,o.kt)("p",null,"On Fedora:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# Install build dependencies\nsudo dnf -y builddep rpm/podman.spec\n\n# Install runtime dependencies\nsudo dnf -y install catatonit conmon containers-common-extra\n")),(0,o.kt)("p",null,"On all RHEL and CentOS Stream, first install ",(0,o.kt)("inlineCode",{parentName:"p"},"dnf-builddep"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install 'dnf-command(builddep)'\n")),(0,o.kt)("p",null,"Install build dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"# CentOS Stream 8\nsudo dnf -y builddep rpm/podman.spec --enablerepo=powertools\n\n# CentOS Stream 9\nsudo dnf -y builddep rpm/podman.spec --enablerepo=crb\n\n# RHEL (8 and newer)\nsudo dnf -y builddep rpm/podman.spec --enablerepo=codeready-builder-for-rhel-$(rpm --eval %{?rhel})-$(uname -m)-rpms\n")),(0,o.kt)("p",null,"Install runtime dependencies:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo dnf -y install \\\n conmon \\\n containers-common \\\n crun \\\n iptables \\\n netavark \\\n nftables \\\n slirp4netns\n")),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo apt-get install \\\n btrfs-progs \\\n crun \\\n git \\\n golang-go \\\n go-md2man \\\n iptables \\\n libassuan-dev \\\n libbtrfs-dev \\\n libc6-dev \\\n libdevmapper-dev \\\n libglib2.0-dev \\\n libgpgme-dev \\\n libgpg-error-dev \\\n libprotobuf-dev \\\n libprotobuf-c-dev \\\n libseccomp-dev \\\n libselinux1-dev \\\n libsystemd-dev \\\n netavark \\\n pkg-config \\\n uidmap\n")),(0,o.kt)("p",null,"The ",(0,o.kt)("inlineCode",{parentName:"p"},"netavark")," package may not be available on older Debian / Ubuntu\nversions. Install the ",(0,o.kt)("inlineCode",{parentName:"p"},"containernetworking-plugins")," package instead."),(0,o.kt)("p",null,"On openSUSE Leap 15.x and Tumbleweed:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo zypper -n in libseccomp-devel libgpgme-devel\n")),(0,o.kt)("p",null,"On Manjaro (and maybe other Linux distributions):"),(0,o.kt)("p",null,"Make sure that the Linux kernel supports user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"> zgrep CONFIG_USER_NS /proc/config.gz\nCONFIG_USER_NS=y\n\n")),(0,o.kt)("p",null,"If not, please update the kernel.\nFor Manjaro Linux the instructions can be found here:\n",(0,o.kt)("a",{parentName:"p",href:"https://wiki.manjaro.org/index.php/Manjaro_Kernels"},"https://wiki.manjaro.org/index.php/Manjaro_Kernels")),(0,o.kt)("p",null,"After that enable user namespaces:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"sudo sysctl kernel.unprivileged_userns_clone=1\n")),(0,o.kt)("p",null,"To enable the user namespaces permanently:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf\n")),(0,o.kt)("h3",{id:"building-missing-dependencies"},"Building missing dependencies"),(0,o.kt)("p",null,"If any dependencies cannot be installed or are not sufficiently current, they have to be built from source.\nThis will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs)."),(0,o.kt)("h4",{id:"golang"},"golang"),(0,o.kt)("p",null,"Be careful to double-check that the version of golang is new enough (i.e. ",(0,o.kt)("inlineCode",{parentName:"p"},"go version"),"), as of January 2022 version is 1.16.x or higher is required.\nThe current minimum required version can always be found in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/go.mod"},"go.mod")," file.\nIf needed, golang kits are available at ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/dl/"},"https://golang.org/dl/"),". Alternatively, go can be built from source as follows\n(it's helpful to leave the system-go installed, to avoid having to ",(0,o.kt)("a",{parentName:"p",href:"https://golang.org/doc/install/source"},"bootstrap go"),":"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"export GOPATH=~/go\ngit clone https://go.googlesource.com/go $GOPATH\ncd $GOPATH\ncd src\n./all.bash\nexport PATH=$GOPATH/bin:$PATH\n")),(0,o.kt)("h4",{id:"conmon"},"conmon"),(0,o.kt)("p",null,"The latest version of ",(0,o.kt)("inlineCode",{parentName:"p"},"conmon")," is expected to be installed on the system. Conmon is used to monitor OCI Runtimes.\nTo build from source, use the following:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/conmon\ncd conmon\nexport GOCACHE="$(mktemp -d)"\nmake\nsudo make podman\n')),(0,o.kt)("h4",{id:"crun--runc"},"crun / runc"),(0,o.kt)("p",null,"The latest version of at least one container runtime is expected to be installed on the system. ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are some of the possibilities, and one is picked up as the default runtime by Podman (crun has priority over runc).\nSupported versions of ",(0,o.kt)("inlineCode",{parentName:"p"},"crun")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," are available for example on Ubuntu 22.04.\n",(0,o.kt)("inlineCode",{parentName:"p"},"runc")," version 1.0.0-rc4 is the minimal requirement, which is available since Ubuntu 18.04."),(0,o.kt)("p",null,"To double-check, ",(0,o.kt)("inlineCode",{parentName:"p"},"runc --version")," should produce at least ",(0,o.kt)("inlineCode",{parentName:"p"},"spec: 1.0.1"),", otherwise build your own:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc\ncd $GOPATH/src/github.com/opencontainers/runc\nmake BUILDTAGS="selinux seccomp"\nsudo cp runc /usr/bin/runc\n')),(0,o.kt)("h4",{id:"cni-plugins"},"CNI plugins"),(0,o.kt)("h4",{id:"setup-cni-networking"},"Setup CNI networking"),(0,o.kt)("p",null,"A proper description of setting up CNI networking is given in the ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/cni/README.md"},(0,o.kt)("inlineCode",{parentName:"a"},"cni")," README"),"."),(0,o.kt)("p",null,"A basic setup for CNI networking is done by default during the installation or make processes and\nno further configuration is needed to start using Podman."),(0,o.kt)("h4",{id:"add-configuration"},"Add configuration"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo mkdir -p /etc/containers\nsudo curl -L -o /etc/containers/registries.conf https://src.fedoraproject.org/rpms/containers-common/raw/main/f/registries.conf\nsudo curl -L -o /etc/containers/policy.json https://src.fedoraproject.org/rpms/containers-common/raw/main/f/default-policy.json\n")),(0,o.kt)("h4",{id:"optional-packages"},"Optional packages"),(0,o.kt)("p",null,"Fedora, CentOS, RHEL, and related distributions:"),(0,o.kt)("p",null,"(no optional packages)"),(0,o.kt)("p",null,"Debian, Ubuntu, and related distributions:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"apt-get install -y \\\n libapparmor-dev\n")),(0,o.kt)("h3",{id:"get-source-code"},"Get Source Code"),(0,o.kt)("p",null,"First, ensure that the ",(0,o.kt)("inlineCode",{parentName:"p"},"go version")," that is found first on the $PATH is 1.16.x or higher. Instruction ",(0,o.kt)("a",{parentName:"p",href:"#golang"},"above")," will help you compile newer version of Go if needed. Then we can build Podman:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'git clone https://github.com/containers/podman/\ncd podman\nmake BUILDTAGS="selinux seccomp" PREFIX=/usr\nsudo make install PREFIX=/usr\n')),(0,o.kt)("h4",{id:"build-tags"},"Build Tags"),(0,o.kt)("p",null,"Otherwise, if you do not want to build Podman with seccomp or selinux support you can add ",(0,o.kt)("inlineCode",{parentName:"p"},'BUILDTAGS=""')," when running make."),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},'make BUILDTAGS=""\nsudo make install\n')),(0,o.kt)("p",null,"Podman supports optional build tags for compiling support of various features.\nTo add build tags to the make option the ",(0,o.kt)("inlineCode",{parentName:"p"},"BUILDTAGS")," variable must be set, for example:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"make BUILDTAGS='seccomp apparmor'\n")),(0,o.kt)("table",null,(0,o.kt)("thead",{parentName:"table"},(0,o.kt)("tr",{parentName:"thead"},(0,o.kt)("th",{parentName:"tr",align:null},"Build Tag"),(0,o.kt)("th",{parentName:"tr",align:null},"Feature"),(0,o.kt)("th",{parentName:"tr",align:null},"Dependency"))),(0,o.kt)("tbody",{parentName:"table"},(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"apparmor"),(0,o.kt)("td",{parentName:"tr",align:null},"apparmor support"),(0,o.kt)("td",{parentName:"tr",align:null},"libapparmor")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude btrfs"),(0,o.kt)("td",{parentName:"tr",align:null},"libbtrfs")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"exclude_graphdriver_devicemapper"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude device-mapper"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"libdm_no_deferred_remove"),(0,o.kt)("td",{parentName:"tr",align:null},"exclude deferred removal in libdm"),(0,o.kt)("td",{parentName:"tr",align:null},"libdm")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"seccomp"),(0,o.kt)("td",{parentName:"tr",align:null},"syscall filtering"),(0,o.kt)("td",{parentName:"tr",align:null},"libseccomp")),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"selinux"),(0,o.kt)("td",{parentName:"tr",align:null},"selinux process and mount labeling"),(0,o.kt)("td",{parentName:"tr",align:null})),(0,o.kt)("tr",{parentName:"tbody"},(0,o.kt)("td",{parentName:"tr",align:null},"systemd"),(0,o.kt)("td",{parentName:"tr",align:null},"journald logging"),(0,o.kt)("td",{parentName:"tr",align:null},"libsystemd")))),(0,o.kt)("p",null,"Note that Podman does not officially support device-mapper. Thus, the ",(0,o.kt)("inlineCode",{parentName:"p"},"exclude_graphdriver_devicemapper")," tag is mandatory."),(0,o.kt)("h3",{id:"vendoring---dependency-management"},"Vendoring - Dependency Management"),(0,o.kt)("p",null,"This project is using ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/golang/go/wiki/Modules"},"go modules")," for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run ",(0,o.kt)("inlineCode",{parentName:"p"},"make vendor")," to synchronize the code with the go module and repopulate the ",(0,o.kt)("inlineCode",{parentName:"p"},"./vendor")," directory."),(0,o.kt)("h4",{id:"ansible"},"Ansible"),(0,o.kt)("p",null,"An ",(0,o.kt)("a",{parentName:"p",href:"https://github.com/alvistack/ansible-role-podman"},"Ansible Role")," is\nalso available to automate the installation of the above statically\nlinked binary on its supported OS:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre",className:"language-bash"},"sudo su -\nmkdir -p ~/.ansible/roles\ncd ~/.ansible/roles\ngit clone https://github.com/alvistack/ansible-role-podman.git podman\ncd ~/.ansible/roles/podman\npip3 install --upgrade --ignore-installed --requirement requirements.txt\nmolecule converge\nmolecule verify\n")),(0,o.kt)("h2",{id:"configuration-files"},"Configuration files"),(0,o.kt)("h3",{id:"registriesconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/registries.conf"},"registries.conf")),(0,o.kt)("h4",{id:"man-page-registriesconf5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md"},"registries.conf.5")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/registries.conf")),(0,o.kt)("p",null,"registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'$ cat /etc/containers/registries.conf\n# For more information on this configuration file, see containers-registries.conf(5).\n#\n# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES\n# We recommend always using fully qualified image names including the registry\n# server (full dns name), namespace, image name, and tag\n# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,\n# quay.io/repository/name@digest) further eliminates the ambiguity of tags.\n# When using short names, there is always an inherent risk that the image being\n# pulled could be spoofed. For example, a user wants to pull an image named\n# `foobar` from a registry and expects it to come from myregistry.com. If\n# myregistry.com is not first in the search list, an attacker could place a\n# different `foobar` image at a registry earlier in the search list. The user\n# would accidentally pull and run the attacker\'s image and code rather than the\n# intended content. We recommend only adding registries which are completely\n# trusted (i.e., registries which don\'t allow unknown or anonymous users to\n# create accounts with arbitrary names). This will prevent an image from being\n# spoofed, squatted or otherwise made insecure. If it is necessary to use one\n# of these registries, it should be added at the end of the list.\n#\n# # An array of host[:port] registries to try when pulling an unqualified image, in order.\nunqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]\n#\n# [[registry]]\n# # The "prefix" field is used to choose the relevant [[registry]] TOML table;\n# # (only) the TOML table with the longest match for the input image name\n# # (taking into account namespace/repo/tag/digest separators) is used.\n# #\n# # If the prefix field is missing, it defaults to be the same as the "location" field.\n# prefix = "example.com/foo"\n#\n# # If true, unencrypted HTTP as well as TLS connections with untrusted\n# # certificates are allowed.\n# insecure = false\n#\n# # If true, pulling images with matching names is forbidden.\n# blocked = false\n#\n# # The physical location of the "prefix"-rooted namespace.\n# #\n# # By default, this equal to "prefix" (in which case "prefix" can be omitted\n# # and the [[registry]] TOML table can only specify "location").\n# #\n# # Example: Given\n# # prefix = "example.com/foo"\n# # location = "internal-registry-for-example.net/bar"\n# # requests for the image example.com/foo/myimage:latest will actually work with the\n# # internal-registry-for-example.net/bar/myimage:latest image.\n# location = "internal-registry-for-example.com/bar"\n#\n# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.\n# #\n# # The mirrors are attempted in the specified order; the first one that can be\n# # contacted and contains the image will be used (and if none of the mirrors contains the image,\n# # the primary location specified by the "registry.location" field, or using the unmodified\n# # user-specified reference, is tried last).\n# #\n# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics\n# # as if specified in the [[registry]] TOML table directly:\n# # - location\n# # - insecure\n# [[registry.mirror]]\n# location = "example-mirror-0.local/mirror-for-foo"\n# [[registry.mirror]]\n# location = "example-mirror-1.local/mirrors/foo"\n# insecure = true\n# # Given the above, a pull of example.com/foo/image:latest will try:\n# # 1. example-mirror-0.local/mirror-for-foo/image:latest\n# # 2. example-mirror-1.local/mirrors/foo/image:latest\n# # 3. internal-registry-for-example.net/bar/image:latest\n# # in order, and use the first one that exists.\n#\n# short-name-mode="enforcing"\n\n[[registry]]\nlocation="localhost:5000"\ninsecure=true\n')),(0,o.kt)("h3",{id:"mountsconf"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/mounts.conf"},"mounts.conf")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/mounts.conf")," and optionally ",(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/mounts.conf")),(0,o.kt)("p",null,"The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the ",(0,o.kt)("inlineCode",{parentName:"p"},"podman run")," or ",(0,o.kt)("inlineCode",{parentName:"p"},"podman build")," commands. Container process can then use this content. The volume mount content does not get committed to the final image."),(0,o.kt)("p",null,"Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories."),(0,o.kt)("p",null,'For example, a mounts.conf with the line "',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets:/run/secrets"),'", the content of ',(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/rhel/secrets")," directory is mounted on ",(0,o.kt)("inlineCode",{parentName:"p"},"/run/secrets")," inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container."),(0,o.kt)("p",null,"Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host."),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-1"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},"cat /usr/share/containers/mounts.conf\n/usr/share/rhel/secrets:/run/secrets\n")),(0,o.kt)("h3",{id:"seccompjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/seccomp.json"},"seccomp.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/usr/share/containers/seccomp.json")),(0,o.kt)("p",null,"seccomp.json contains the whitelist of seccomp rules to be allowed inside of\ncontainers. This file is usually provided by the containers-common package."),(0,o.kt)("p",null,"The link above takes you to the seccomp.json"),(0,o.kt)("h3",{id:"policyjson"},(0,o.kt)("a",{parentName:"h3",href:"https://src.fedoraproject.org/rpms/containers-common/blob/main/f/default-policy.json"},"policy.json")),(0,o.kt)("p",null,(0,o.kt)("inlineCode",{parentName:"p"},"/etc/containers/policy.json")),(0,o.kt)("h4",{id:"man-page-policyjson5"},"Man Page: ",(0,o.kt)("a",{parentName:"h4",href:"https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md"},"policy.json.5")),(0,o.kt)("h4",{id:"example-from-the-fedora-containers-common-package-2"},"Example from the Fedora ",(0,o.kt)("inlineCode",{parentName:"h4"},"containers-common")," package:"),(0,o.kt)("pre",null,(0,o.kt)("code",{parentName:"pre"},'cat /etc/containers/policy.json\n{\n "default": [\n {\n "type": "insecureAcceptAnything"\n }\n ],\n "transports":\n {\n "docker-daemon":\n {\n "": [{"type":"insecureAcceptAnything"}]\n }\n }\n}\n')))}c.isMDXComponent=!0}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.28e736e0.js b/assets/js/runtime~main.1443488a.js similarity index 99% rename from assets/js/runtime~main.28e736e0.js rename to assets/js/runtime~main.1443488a.js index c8ca153f2..1a0c44f1a 100644 --- a/assets/js/runtime~main.28e736e0.js +++ b/assets/js/runtime~main.1443488a.js @@ -1 +1 @@ -(()=>{"use strict";var e,d,c,a,b,f={},t={};function r(e){var d=t[e];if(void 0!==d)return d.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(d,c,a,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,a,b]},r.n=e=>{var d=e&&e.__esModule?()=>e.default:()=>e;return r.d(d,{a:d}),d},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};d=d||[null,c({}),c([]),c(c)];for(var t=2&a&&e;"object"==typeof t&&!~d.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((d=>f[d]=()=>e[d]));return f.default=()=>e,r.d(b,f),b},r.d=(e,d)=>{for(var c in d)r.o(d,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:d[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((d,c)=>(r.f[c](e,d),d)),[])),r.u=e=>"assets/js/"+({21:"300f4cd6",109:"795f3bdb",312:"15d0580c",747:"260a4a36",815:"c7567e98",925:"36e2d848",940:"18f6552f",983:"d3ca5c2e",1087:"94dc7cfd",1238:"b5cde707",1310:"fc1fe8cd",1358:"5a7d75ff",1416:"6cda4436",1438:"b28576cd",1488:"78e22a47",1514:"6e48d5f2",1741:"5a638c7a",1953:"3e8d5da4",2077:"1e439a5b",2232:"6f8faf89",2271:"9cc26b9a",2322:"dcd93014",2466:"a500dec7",2467:"6d895060",2572:"1f1afc48",2879:"41bc5d3f",3007:"e7e456ae",3419:"b420e108",3465:"1431f569",3694:"88dfd727",3729:"2e0a315c",4247:"1b19517e",4250:"16b64f07",4336:"70365baa",4358:"0b13c270",4714:"08650cf2",4847:"e257e53c",4998:"e8f48e86",5166:"7bbfc3b6",5215:"3b4c1a08",5291:"00feb899",5422:"30983fb2",5426:"f41d5350",5481:"77a3d39e",5488:"b1a5927e",5510:"bf00a8d0",5569:"dfbccedb",5774:"9ec8eba6",6182:"dfcf29be",6213:"55e4d810",6380:"1ac601ec",6455:"2b956348",6740:"9f833be8",6795:"e30f1b57",7069:"98fbcf17",7087:"3da98dca",7096:"173771a7",7319:"2f0cfb14",7328:"b0998319",7383:"ad8204b4",7392:"a6195e9a",7402:"fbb59325",7457:"ed94db85",7659:"ccd53d21",7695:"993aa953",7703:"9482ce64",7741:"a4d3bfdf",7786:"8917ad4d",7789:"c41a9bbf",7800:"5757960c",7811:"d0a74388",7865:"2c65c31e",7899:"d45a981c",8007:"63c93610",8214:"6598a7ba",8243:"bcfd1a7d",8298:"687e20bc",8338:"ad85b1ef",8523:"8a33da19",8654:"03cfa6f7",8914:"f7385094",8934:"8dcf93dc",9093:"ad9bab9a",9104:"bd403acb",9140:"3706fe77",9546:"655adf18",9621:"8dd461fc",9769:"7e337a56",9784:"84261676",9887:"0619e1d5",10149:"370de2d9",10330:"12a06ad6",10409:"d19115d7",10507:"3e12f454",10554:"a4c05209",10582:"e6dd6da5",10601:"a3470c53",10623:"62314bb1",10648:"b6d3d2df",10654:"8d265025",10704:"23352ec4",10962:"e2da1f85",11177:"f6a9426b",11180:"7aa5df64",11274:"4f3516e2",11310:"1b267c09",11426:"9790f6d3",11618:"a6016a7e",11697:"5b09d46c",11930:"4f5d49a9",11938:"a1963bff",12021:"33212b4b",12026:"f031a327",12066:"a0e6b5c2",12105:"1d52074d",12205:"ce50ea2a",12368:"3f6be463",12585:"edbec64d",12602:"5457b00e",12603:"d5af26f4",12658:"3a435e54",12681:"c81b193a",12865:"7371e1a3",12882:"1c0e9aa0",13056:"f8b3aa78",13072:"a94ee45d",13123:"bc4d58a4",13245:"36d71838",13261:"3e264488",13344:"cb7043f0",13460:"7bde4295",13575:"edea3d23",13581:"00d5b134",13634:"90925eb7",13825:"c945ac6e",14007:"861f751b",14050:"71f012fd",14085:"c103f181",14640:"30269bac",14873:"fc06a125",14986:"080a77b8",15062:"879b8a59",15185:"f4774aa2",15316:"826eb956",15350:"ecc58e23",15574:"90e47a5b",15651:"915a4fec",15709:"995dbe35",15729:"a4cf8478",15736:"dd6e498d",15771:"dde9c6cc",15921:"90609308",15979:"e1bea0d2",16186:"23b969f8",16380:"126508e2",16684:"d8256cbb",16992:"8a8987ef",17104:"6ed3fb3b",17541:"1076f64b",17634:"672b3b49",17994:"ed200b07",18083:"64b2938c",18091:"e699d4d1",18233:"dc366153",18348:"af61538a",18503:"ab131112",18543:"84e59631",18654:"d20320e1",18676:"26684b7d",18746:"92b86d63",18952:"40f1cf9e",18975:"457b963a",19096:"7720bb24",19186:"40907c41",19336:"f56cf62c",19478:"6728c7a9",19480:"c4428c45",19509:"8e9960dc",19599:"e10d246f",19612:"37963c82",19720:"dfb5f0c7",19840:"d67039b7",20111:"fdfb486c",20119:"e2bf4803",20686:"868b8e17",20739:"6eed3feb",20769:"1cc400ce",20898:"acc03d12",21020:"34156d76",21022:"949f9e5c",21054:"8a5c65cb",21131:"c64c8a00",21290:"ecf397c5",21307:"7863a04f",21411:"a9af3507",21499:"6b670249",21511:"92e7b68f",21574:"2fd2ba7e",21594:"dec2802b",21715:"fec5c7d4",21926:"c6ca8e82",21994:"2ae252f9",22035:"bdf7d44f",22036:"07b2872f",22092:"50610133",22094:"f167b037",22159:"f42d2ef1",22348:"dcb471a6",22394:"58f46323",22498:"9a3d5681",22502:"a4f23293",22570:"1222082a",22609:"5e15c15b",22681:"3c116a82",22697:"42895aa9",22713:"eb29bc22",22965:"09772b34",22970:"15f6fe0f",23169:"146d05d7",23199:"b4ed5649",23475:"c283ece6",23486:"c9448d9e",23521:"f0de574e",23676:"eb3dc601",23719:"bff9d2be",23910:"175c78b3",23915:"3fa39283",24004:"d0fc3039",24174:"2132f2c8",24180:"0702198c",24212:"b6120ea9",24269:"833dfbe2",24276:"365269c3",24340:"cbf62e80",24349:"9cdc8175",24354:"20d73eb2",24464:"b02de59a",24720:"f98e13e4",24920:"7040ea16",24930:"77ff8c5f",25088:"27b2bedd",25297:"59476d7b",25480:"2ffafe2d",25561:"b00a96e0",25618:"fbf5a5bc",25915:"d33dc195",25929:"1b28acf9",26123:"2865d6a1",26283:"636ce216",26389:"526841b1",26546:"05d073aa",26571:"18ba6a46",26583:"22f788e4",26599:"d7924564",26780:"fe92c3c8",26824:"4ea5776c",27071:"9b14b78f",27103:"e43c6f85",27166:"c50c64c1",27278:"e93086c6",27339:"fa5a4d6d",27495:"8a77ded3",27510:"7ac58bfb",27785:"c709e528",27918:"17896441",28006:"2a769183",28027:"cbee0725",28045:"e5c15292",28065:"51a6b448",28109:"b8763a3d",28250:"3fdf6886",28294:"a73e6386",28424:"0a3ca7a0",28427:"41e2cb2a",28528:"fbc46c8d",28600:"3962ec11",28614:"a972ad3e",28621:"282850f5",28706:"bd9ea72b",28755:"b77b8c66",29106:"7a52780b",29245:"1c258b38",29307:"8bddd949",29514:"1be78505",29597:"6591a8d4",29753:"91d2db81",29946:"216a98d5",29969:"628c5638",29996:"07a41131",30144:"f2b72252",30433:"3151d179",30763:"56554851",30836:"0fc51021",30853:"dfea22ae",30868:"8c335d31",31289:"b52fa139",31301:"fb52e9b8",31386:"e6dd87aa",31422:"97f5f3c2",31472:"35eb483f",31617:"59c3a605",31626:"35265ade",31671:"cbd72529",31803:"1517121d",31809:"bc8b2a0c",31921:"08efe41f",31967:"03d0b641",32077:"7a4d057f",32263:"92103f47",32440:"5bc595e9",32535:"da36def6",32663:"69fd7c0e",32699:"8fd272bb",32764:"bd4362ca",32809:"759f5d40",32810:"4741f96c",32942:"70de5b5f",33019:"a4e49971",33040:"ce6ee837",33150:"e8d4cdb9",33191:"f6784245",33313:"93996e09",33514:"99dc4662",33698:"341b1c91",34049:"1e415b6f",34085:"cc549ae9",34093:"836ce71c",34176:"ce59b13f",34203:"3ad596a9",34224:"c4ffb2d2",34316:"f8990407",34377:"e3c905de",34682:"6d0e887d",34740:"078ca05e",34771:"9d708593",34967:"e9b5709f",34970:"913247ec",34998:"7c404f02",35119:"714a0345",35174:"7ac0181b",35206:"161a8a09",35223:"b3cc103d",35406:"d602a484",35542:"43947e47",35638:"f42f3bd8",35674:"3f324a56",35821:"284a080c",35839:"cfc90e78",35913:"e00fa61b",35995:"b49d70f9",36358:"0b3545e4",36516:"83ce496e",36549:"1d5b23e2",36555:"80a8b741",36668:"c968257b",36694:"4a506fa9",36714:"16b4412b",36777:"aa9d4f22",36868:"cca70ef7",36883:"077ee5ba",37300:"1f1b61b4",37503:"8887a228",37590:"c94d8736",37704:"5f6ea5d7",37739:"70ea087d",37861:"9bc8facc",37998:"4e5322cc",38002:"640423d2",38098:"99b17796",38130:"cd61fe91",38153:"9919686c",38279:"29a08e9a",38342:"1fd61002",38382:"e02565da",38429:"fb6c00a7",38515:"265621d8",38590:"29b0c18d",38773:"217d978d",38774:"d2eed707",39063:"f083362e",39184:"cefce2a2",39609:"c1660528",39652:"b0851ee2",39781:"7379db51",39840:"5447c5cf",39880:"1677abc3",39945:"91524627",39977:"30ad8f72",40104:"465a7087",40300:"1dcbf034",40363:"d3b3891b",40408:"d24baff8",40412:"2bd82a96",40421:"53d6371d",40578:"234e638a",40613:"59f2fdda",40791:"7259f1b1",41021:"90e6bfa4",41026:"4c5e3d0c",41048:"0a00aed9",41119:"1738210e",41232:"ea710672",41298:"969fec62",41337:"19e0fcb3",41490:"d449dcf1",41550:"fb6543cb",41600:"cb9e7599",41606:"5f3ec91d",41713:"6f23519e",41748:"b2974c0c",41797:"e9e146f9",41808:"f918b75b",41843:"d3ee8f76",41862:"7d20fe42",41863:"7820f9d0",41910:"cb0f9cfc",42060:"4c8bab11",42184:"e57902fd",42213:"42d74bd0",42293:"352fe4c2",42384:"f2b29f39",42408:"369767ab",42774:"56af85b5",42798:"4fbbeb6d",42807:"56e0102d",42815:"04c84ab7",42900:"461bbd2f",42908:"952453f2",42936:"8616380d",42957:"9ab9d50f",42977:"6b5f3f1c",43075:"cee81a32",43240:"6f717a16",43386:"619f4ce6",43527:"d9ff0d7c",43567:"7c224e35",43570:"f9f60325",43662:"e0085fac",43690:"f5855e91",43855:"0565c07f",43991:"c7c76429",44164:"76752974",44351:"4b04188a",44437:"03174832",44442:"ec8dee43",44689:"93f2b152",44913:"00f8cb14",45007:"649093c4",45182:"0befdadd",45403:"4fd18230",45570:"5f002f12",45585:"659951bd",45621:"456cfd32",45971:"5dbe590f",46003:"ca13f458",46021:"cf1ecaf1",46103:"ccc49370",46150:"d409a93e",46203:"8f876d16",46225:"bf3f6241",46265:"05e002f0",46348:"8e3c5f08",46406:"a70d2e82",46436:"32b646fc",46442:"88746a45",46596:"20979765",46651:"8ec6e829",46705:"f3740653",46734:"4a76d056",46762:"ac1eaa32",46779:"708daa68",46878:"7430a490",46947:"feb1236d",46971:"c377a04b",47057:"140f3dee",47362:"c617b3ad",47484:"244e56d5",47497:"51b3f280",47532:"52763308",47611:"9c8e56d0",47618:"7d2009bc",47647:"ab97ccc9",48085:"5bdb327e",48100:"9983579e",48111:"008e479d",48440:"0f92a9a8",48441:"2ea98982",48472:"005af5ea",48527:"bebebfab",48610:"6875c492",48772:"72cc6d1e",48797:"bfb74d34",49201:"2dd6b9ac",49277:"8a72ccb4",49492:"1c21ba58",50030:"29e3a43b",50065:"d3bd14d4",50154:"93ecf9d2",50155:"cf2b80f9",50295:"692db14d",50475:"199adf45",50536:"3ecf99f6",50566:"36fd6b31",50598:"5b418dd2",50682:"7455c1f8",50734:"a4ae065a",50786:"3b3d7813",51157:"b2fe1a56",51232:"92054cc8",51426:"cb97ded3",51519:"e957a797",51596:"3b10f148",51661:"5b1d965c",51701:"23091f88",51770:"f45be535",51893:"bf65740b",52131:"6dd1a436",52182:"ff85a2bf",52277:"46b1bedd",52303:"1398643a",52535:"814f3328",52607:"5cf52972",52642:"7a3cbbc1",52656:"d09cacbb",52685:"7fdede95",52908:"e830f50c",52916:"5183b70e",52961:"991a0614",53015:"0902dbf0",53121:"001e1716",53237:"1df93b7f",53303:"6e286be6",53608:"9e4087bc",53711:"1a5edc34",53834:"f24dcdab",53978:"cd4bceb7",54142:"c177c35c",54197:"6767fc64",54257:"f656ff8f",54369:"bc7ebba5",54400:"fae58180",54468:"4fe46fb7",54495:"52caa0fa",54549:"ae5766d7",54763:"f8085e57",54768:"04de07fa",54779:"79f1cb63",54797:"51e252e1",54868:"c0fac2c5",54915:"0602922c",54993:"0614adf5",55183:"52d10dde",55374:"91958274",55395:"e6bd1150",55444:"7f5a4972",55458:"e05e4f28",55713:"aeaca7a3",55764:"a55c14b2",55791:"e333f46c",55817:"63814cb7",56104:"f30c03b2",56294:"d7fd4a45",56345:"d7be0b9b",56427:"7313540a",56454:"747c87af",56461:"66766c59",56630:"deb891b7",56779:"1aba2a20",56805:"2c647459",56942:"c0a645c7",56948:"4a70cc0d",57205:"c4fd52e5",57256:"c9fea71a",57365:"ca20a8fe",57456:"7792adb1",57523:"770d309f",57574:"1cc46930",57740:"b0c2e5ed",57793:"59f6952c",57842:"4fdcd587",57891:"42428214",58139:"cfa87347",58231:"b6130486",58253:"b8678d1a",58255:"161712d6",58273:"bb28fa20",58349:"6f94884f",58494:"92228e60",58581:"a5b4528c",58695:"89f437f7",58805:"6ff39321",58821:"46886cb0",58886:"a3ee450e",58967:"bbf3cda5",59134:"dac8816f",59300:"453c4055",59337:"2a592757",59353:"18f289aa",59425:"316e84de",59525:"ea5ecbc5",59559:"f5d6dd48",59682:"f67e3aa3",59694:"fb22e237",59706:"2cd08dad",59726:"b878c13e",59814:"01d5614e",59825:"8a703bd1",59827:"047e6a26",60266:"4bf67133",60380:"eb9d40ec",60467:"03118738",60608:"a9e69a82",60780:"d5bfda9e",60821:"daab0409",60930:"3b1282ea",60996:"4bdadcb4",61157:"dff31f53",61213:"190acd9c",61265:"053d7e42",61337:"db189e95",61554:"f4d442d5",61581:"53470b9e",61708:"08d52cd0",61763:"076802e0",61766:"16029c63",61846:"1170c774",61890:"481cb13b",61931:"4e8ec2d5",61981:"24e002ac",62024:"5f058c77",62109:"3488fd6c",62275:"5837c87c",62324:"06d6451e",62543:"9c92bc77",62693:"9d79cf0f",62811:"b4cdaeff",62974:"fafc9877",63022:"4db9da1d",63048:"49fd035e",63147:"b90f1cd1",63299:"f70b5741",63376:"8765036c",63410:"70c58991",63434:"f83dc955",63684:"bf342a85",63693:"ce7dab8e",63797:"65769068",63905:"6acab07e",63998:"fc3f47a8",64013:"01a85c17",64070:"3cc8df7b",64247:"752e02a7",64322:"22d1e350",64325:"0da6392e",64395:"65a1b790",64411:"74b3ebbb",64600:"9f2791cf",64658:"bf7df328",64748:"95446c39",64822:"ac3a39d8",64838:"ad8e7dcc",64854:"72457b75",64964:"bc300906",64967:"4ab0658f",64978:"08d58ed6",65051:"c10b9920",65161:"5a44e4dd",65193:"eb5c7b0a",65301:"8731dd32",65362:"bb0c4597",65480:"eb5263e4",65533:"4e6ed8f3",65540:"783edba4",65548:"d6487ff7",65637:"79c12c19",65731:"cfbe9d8e",65754:"47bafca7",65839:"75fb7ff2",65870:"02ec521e",65878:"ef25bb1f",66095:"d7245e62",66232:"9a544e45",66291:"18c538ec",66342:"a59e0362",66377:"a530b0d2",66513:"00b87587",66662:"b5430557",66789:"b46e9e7c",67036:"1055a711",67060:"3ed7e301",67232:"019131da",67301:"20a75fd7",67356:"1ddde341",67371:"3d57ba44",67431:"a90d1c60",67570:"d9f8802d",67579:"b3089a88",67581:"84090fe9",67624:"4b415865",67764:"4a41c9ed",67826:"adcbe9eb",67873:"df12da97",68418:"7d1e7a7c",68493:"fce9c71b",68540:"d553c684",68925:"d9a4e4a9",68959:"9abfca86",69040:"2c2bdd6a",69047:"78aa31c9",69078:"2b1e53d2",69164:"4d635c76",69228:"f14b45bb",69300:"2628b79f",69319:"170c3def",69320:"0965286a",69538:"36b5d89b",69593:"e527a4fd",69678:"e8df2429",69796:"65d527ac",69853:"d9dc158b",70163:"f17a645b",70198:"8d2190cc",70527:"8ccefe70",70545:"276a35f2",70714:"1dc9c973",70772:"b8ce7dc9",70879:"eb51026c",71473:"c93a2b7b",71518:"e4d0a9b4",71693:"a2baab9e",71848:"d58b9252",71877:"1a52eae7",71878:"3ad228ae",71916:"fda8821a",71964:"b58e0449",72113:"d719ccc2",72147:"c0ed6d96",72184:"4ef7ce65",72447:"05c17326",72612:"eca036a7",72629:"0d8d3350",72685:"4c601101",72828:"c3ab2f20",72829:"66bc78fc",72868:"a3937ff1",72938:"d705183c",72985:"fb6d9ef4",72992:"d9ebdac2",73167:"1b42d056",73407:"fc05bc09",73457:"cc63c88a",73746:"8ee976c2",73805:"cf896737",73838:"3b42de7a",73860:"78e0e367",74009:"18714417",74076:"cab9a096",74107:"830fd0bf",74296:"ab9a051c",74423:"cffa70f7",74517:"48f8f874",74556:"78dce1fd",74570:"625eab23",74595:"38dfefea",74703:"e0a79853",74708:"0bb7bcfa",74713:"330ac9fe",74891:"522cb5d3",74926:"1d40ab52",75092:"40c869fc",75143:"b17755e4",75191:"192ae610",75223:"c9f8f6c0",75257:"c50a9231",75360:"ed642a45",75601:"4e291c72",75612:"f49d7908",75623:"5d01a869",75884:"3e3d3813",75950:"32828b2c",76066:"38dc8bc1",76194:"342f8f1b",76311:"fc150fa2",76313:"b505846c",76420:"d8f8ea8f",76496:"fd333703",76638:"103f9e04",77078:"8cd80816",77184:"27772462",77248:"226b0cb1",77333:"0142e598",77340:"890438e0",77445:"f2a4f782",77467:"1608ab0c",77492:"bd753016",77503:"7566cda2",77552:"91d6c0c4",77667:"c087d33b",77752:"371c68ed",77763:"c20a5dd8",77802:"73c0098d",77814:"8f0d52a3",77885:"efe6b3fa",78010:"08cd2194",78202:"474899f0",78325:"d924c453",78361:"6a78568e",78442:"550fad1a",78606:"a1fbca1b",78658:"1855c9f4",78673:"c6aea3f1",78740:"ec887574",78861:"53094378",78923:"d1f0e4b8",79110:"56d060ef",79178:"5d8dde6e",79346:"5fd3099d",79355:"16304c1d",79526:"3da507b6",79679:"63831db4",79694:"fc1959c7",79777:"7f1215b4",79842:"5e2a7dec",79917:"f92f7190",79971:"ea2a8a2b",79978:"cde6b8a6",80009:"5f2498b2",80053:"935f2afb",80145:"14706c8b",80316:"42705cec",80357:"05827d53",80451:"14fe5d11",80484:"e2c6734d",80517:"8855d2b7",80881:"ca5cb613",80912:"e656dc47",80948:"6525da2f",81084:"aab4c406",81100:"0899fb24",81182:"6baa2cef",81229:"40616ef9",81357:"173f7963",81560:"5eb6fbed",81636:"558e1c6c",81643:"bab8d2c4",81758:"3a836242",81771:"20643d6a",81804:"bf0e441c",81821:"fd8b739b",81940:"d96ceb02",81960:"74376b51",82120:"3923cff6",82168:"0904ab64",82329:"9107ea31",82344:"3e21b64c",82347:"56d960a3",82478:"7c5fdb97",82651:"853e4057",82654:"2456a5e0",82683:"ec9ce0b9",82763:"6cc9d60c",82935:"ce73e545",82968:"cc020efe",82977:"b768cbd4",83037:"1aa3183d",83050:"236783c9",83060:"8a3cf0bc",83066:"57333199",83153:"915b42ac",83184:"912ede02",83217:"3b8c55ea",83276:"c8a30dcb",83323:"e7e3539d",83532:"a05ad5a3",83555:"b4edc141",83590:"610c6209",83669:"0ca5e369",83827:"a6b4f274",83856:"9ec43235",84143:"0984e7b7",84288:"89779929",84331:"b8ae24ba",84394:"d4054b0c",84541:"2d11d1c7",84606:"381d9cc2",84615:"511f43e7",84723:"efc92035",84841:"bb002237",85064:"eba3cb06",85330:"4121ff2e",85350:"346c6f31",85511:"096b53d1",85765:"d3ac05e9",85785:"d39f4c6a",85872:"a32b9391",85957:"3d23d174",85989:"8a69729c",86007:"61ac022e",86019:"5665fc6b",86341:"e4627f95",86392:"95b4e82b",86478:"9e8974f2",86621:"2f9a61f7",86754:"4ed45869",86847:"defea45c",86849:"57b59cd4",86892:"e5249a91",86905:"e59cf075",86925:"0c4492b5",86983:"843d5c9d",86997:"813b8b2b",87089:"532cc112",87097:"535a9867",87199:"e08ad4e2",87413:"826a4450",87659:"003bd65f",87908:"673cfd93",88462:"5c098672",88746:"6bfb1f3b",88799:"119399a8",89110:"3ab60fbf",89120:"a89101e8",89213:"5b1b9265",89243:"9ceb8545",89535:"8a2021db",89635:"306e9acb",90069:"b809a965",90342:"67a3f72d",90414:"fa02121a",90434:"611ed0af",90451:"251e224c",90647:"9a147845",90673:"a618be25",90744:"1095b338",90874:"d01ce3bc",91024:"bf01e4e0",91043:"5eb60198",91075:"7f7d57e5",91550:"4b535752",91577:"aab66baf",91617:"08b38161",91698:"d41cac77",91709:"7675a0fe",91835:"baf595e3",91993:"3c5e5778",92130:"88d474ce",92180:"9f5a94da",92341:"5c2c8950",92511:"15706790",92711:"e19ba590",92901:"462cb3ee",93009:"ec0bc416",93089:"a6aa9e1f",93116:"77d972d9",93117:"5f593e60",93185:"799df3c7",93323:"0756af21",93432:"23d9fe45",93502:"62c56f8b",93549:"bb1699c9",93614:"ea480a96",93656:"22bf71e8",93716:"3fa77eb9",93851:"4aebba5d",93891:"6a545a3d",94012:"15960ad5",94013:"38d8ce0a",94156:"36a4e4f0",94176:"a793e2e1",94235:"8d66cedd",94243:"f3d6bf7d",94325:"259d4bd8",94579:"c07ebe24",94881:"f24deb99",94899:"222f68c8",94977:"98a7b080",95018:"45ca2515",95051:"1c05226e",95142:"07fcb413",95510:"266461e3",95647:"9b6133b9",95654:"dc648997",95683:"32f482e1",95719:"93946e0a",96030:"00f5d06d",96075:"83e792f1",96298:"1c3c8be8",96688:"a22ed5e4",96813:"7c409bae",96902:"1608665e",96979:"737abd23",97006:"7fb7e253",97120:"0752e30e",97140:"0462cff2",97213:"d8ef6140",97267:"4b385260",97357:"28d6087e",97562:"afacbea5",97602:"c6bc47df",97635:"cd0c0b67",97722:"7350c59a",97912:"7f9606e9",97964:"7ab81c4a",98087:"3d4ef3a7",98258:"d7e0d0e7",98437:"60e1e52f",98498:"32e847b8",98659:"97bdec26",98752:"af1a53b7",98807:"9b9ccd3e",98991:"4593cc08",99135:"b5c078ab",99397:"659dff9c",99554:"2b4e7f11",99734:"7bff08c9",99812:"285fd50d",99903:"a4707478"}[e]||e)+"."+{21:"e8db92b2",109:"7d540acc",312:"c9e5ab73",747:"e6a4227a",815:"1d64a8bf",925:"c966c0f9",940:"1126dea7",983:"85515927",1087:"e4c3b1d7",1238:"d4fdedab",1310:"42bea346",1358:"da7161b2",1416:"eec2f609",1438:"cec5b12b",1488:"b1a242a0",1514:"d2744380",1741:"1b31805d",1953:"26d8e736",1954:"0b34bc9c",2077:"f1161b84",2232:"18dabc55",2271:"b742dea0",2322:"c3c72cf3",2466:"db5c00e1",2467:"41f0f036",2572:"7c24eea8",2879:"84a24a15",3007:"f0d108e2",3419:"866f6080",3465:"24e6f06f",3694:"688dccba",3729:"0a234850",4247:"6644139e",4250:"f91c37da",4336:"248742d4",4358:"826cd50e",4714:"2334fecc",4847:"d5f1ecb1",4998:"3c20db2d",5166:"dd8f8287",5215:"e86418c9",5291:"c14ec276",5422:"35167db4",5426:"acfb36c0",5481:"1ea3b510",5488:"8050e32b",5510:"2fe53128",5569:"325ee7c2",5774:"a556ff23",6182:"eff8db40",6213:"ba4d8dc2",6380:"d594447f",6455:"ffe866bf",6740:"5a649f9b",6795:"a0fcbbe9",7069:"121d08b0",7087:"92985a33",7096:"4f237850",7319:"b5d24f3a",7328:"b4761775",7383:"e0e08f28",7392:"148dea26",7402:"0146f1da",7457:"dba73d1c",7659:"73808397",7695:"80864974",7703:"a4eaee91",7741:"994cc253",7786:"6aa29002",7789:"b67a8647",7800:"8f3731c3",7811:"d702064e",7865:"0848bc01",7899:"d3837eae",8007:"3f2fd7d3",8214:"9103b553",8243:"ed357ccd",8298:"99fd79dd",8338:"8495a819",8523:"1697801f",8654:"bad19c1e",8914:"5fd26b0d",8934:"1425bd71",9093:"cba4f98f",9104:"c7a92398",9140:"0da3acf5",9546:"cdf4a43c",9621:"bb7992e7",9769:"57fc81c4",9784:"3d6d8437",9887:"70eedba3",10149:"8b4e7ea5",10330:"efe61bad",10409:"b8318f58",10507:"cb36671b",10554:"567430f4",10582:"fa2c1846",10601:"ed0c9424",10623:"d0d1a670",10648:"f6ad12d0",10654:"72eafb3e",10704:"b6a62e2a",10962:"3fd9932c",11177:"fa569261",11180:"644a771f",11274:"866c10a6",11310:"3b929021",11426:"d02db023",11618:"05cb970e",11697:"09dcdde4",11930:"2157445e",11938:"7507327f",12021:"121733da",12026:"93a65c78",12066:"6303023c",12105:"9906145f",12205:"6f5304d4",12368:"5f063a00",12585:"c85b77d1",12602:"c549397c",12603:"cff39de2",12658:"c63e77a3",12681:"e5e6032c",12865:"1da13d88",12882:"ab2c2dcd",13056:"7be5a84a",13072:"a0b75323",13123:"bd9ec282",13245:"c34ebabf",13261:"431d44cd",13344:"5dc10998",13460:"08306def",13575:"19f6722c",13581:"a7b4bda8",13634:"3c63008a",13825:"86122428",14007:"67f7f532",14050:"1a1f86f2",14085:"bf568252",14640:"a8849ea5",14873:"61a550fe",14986:"a2386c12",15062:"e0762999",15185:"0941179a",15316:"e76bf261",15350:"24caf80b",15574:"1d99f440",15651:"7b608f22",15709:"bc21c8f0",15729:"829a1e71",15736:"6dcbdc4a",15771:"9b3b57b5",15921:"42e255b1",15979:"7fd3fde0",16186:"67643b30",16380:"44b90bdc",16684:"d14b62a1",16992:"8f734c6b",17104:"f14eaf01",17541:"5e439495",17634:"9b341a41",17994:"82e68fbc",18083:"933aa6ac",18091:"c54c83a6",18233:"6dfd0167",18348:"39363612",18503:"b00e694b",18543:"d8b0b0dd",18654:"6b1e8606",18676:"abbb25d1",18746:"d2e309fb",18952:"3913f82b",18975:"bd590918",19096:"c95a097f",19186:"1af94c71",19336:"5eef1e32",19478:"c8408cbc",19480:"11d699d7",19509:"01099fba",19599:"7b871313",19612:"25aab38a",19720:"142c4c67",19840:"2411fdd1",20111:"1f1e2d37",20119:"072a58fe",20486:"bea2439e",20686:"e22801f7",20739:"fe7dec50",20769:"bbba1ca9",20898:"23dc5185",21020:"147a23f1",21022:"77f45368",21054:"0eef08f8",21131:"93dad10f",21290:"d10a819f",21307:"e41a7b2f",21411:"ed16a47f",21499:"f0f075ef",21511:"2636c847",21574:"7d2a11a1",21594:"872306e9",21715:"e7e98879",21926:"5b96440d",21994:"4a0c3620",22035:"1a8dad82",22036:"b3bc1f9e",22092:"a85181a6",22094:"ce2e081c",22159:"5afdde65",22348:"37b20d70",22394:"0b0538e3",22498:"df18af70",22502:"a6ec6349",22570:"61817c64",22609:"85752a17",22681:"7b50c7b2",22697:"0ed50301",22713:"185f59e2",22965:"d99ab323",22970:"356ed2c6",23169:"3f173035",23199:"8c313f3d",23475:"defd9cec",23486:"3a91383b",23521:"ca055cc0",23676:"4011641e",23719:"27319b53",23910:"ca0cbb79",23915:"f4618526",24004:"6204bf4f",24174:"499345b3",24180:"f30977ed",24212:"18ab5286",24269:"fdde4f4f",24276:"dd67cfc3",24340:"fb06e7aa",24349:"8f7aaa90",24354:"166190e8",24464:"458cd2da",24720:"fd73174a",24920:"bfe05e45",24930:"f3c747d9",25088:"50ea1b98",25297:"9cbf9d15",25480:"842afd03",25561:"fc1414fe",25618:"4a5a91ee",25915:"9b94861c",25929:"072ecff1",26123:"b63d11ed",26283:"dfcb0074",26389:"7a68fa9e",26546:"0e67243e",26571:"fafbf339",26583:"c5a17b17",26599:"c53c88e8",26780:"b845a821",26824:"bbd490c9",27071:"a8d53910",27103:"755b804b",27166:"ea3377ac",27278:"c8d57b6c",27339:"cbdd9481",27495:"9361cff8",27510:"8086e898",27785:"b9612608",27918:"126ce769",28006:"7cce8369",28027:"73e674cb",28045:"d7e38384",28065:"fbcd992a",28109:"40941685",28250:"600feaf9",28294:"dfdedc68",28424:"cc520127",28427:"045f5eea",28490:"40bd1e8f",28528:"2b83f438",28600:"d2495a4b",28614:"5649a6b1",28621:"cbe04304",28706:"b6d61405",28755:"5eeeecbb",29106:"6d17385a",29245:"c3542688",29307:"9bbf021e",29514:"61328999",29597:"3359f8ad",29753:"5c4d5106",29946:"13f23b59",29969:"b52b0db4",29996:"903e5627",30144:"55c492f9",30433:"d4f93af2",30763:"44937f11",30836:"ff7ff475",30853:"6a5ce8d9",30868:"8ae0030a",31289:"a6ebc928",31301:"a1110d9b",31386:"23f8714b",31422:"12fe9d7e",31472:"2f2ac03c",31617:"a4a0c98f",31626:"99bf3948",31671:"ef900a18",31803:"0a436099",31809:"34d4d988",31921:"a805c1a5",31967:"0d7e1870",32077:"91bba93b",32263:"35bbb30b",32440:"f33ba6bb",32535:"0ddc097a",32663:"897a4c55",32699:"09b33ce7",32764:"c4b29104",32809:"f3504241",32810:"69f5ce2c",32942:"40ea2d58",33019:"9c911be2",33040:"1e51b3e0",33150:"b112fd70",33191:"159b5961",33313:"d7e7fa10",33514:"9d96b724",33698:"1fd502e7",34049:"8344e060",34085:"708be506",34093:"a9d58a94",34176:"a75ee44f",34203:"ba77eb0d",34224:"41713a46",34316:"c69f6f4f",34377:"6400037b",34682:"88f6fb04",34740:"e852bb24",34771:"092e30a9",34967:"c3d30397",34970:"440cf678",34998:"b9a93791",35119:"e77af8d1",35174:"c07ad2a5",35206:"0be3b13c",35223:"d6f49da7",35406:"d4c67d9a",35542:"1e6a47f5",35638:"3be62e68",35674:"79ba46b0",35821:"028ebcaf",35839:"a8385908",35913:"bfc208da",35995:"94a897ee",36358:"3f6ac45d",36516:"1a7d1437",36549:"8c494ee7",36555:"9c2835dc",36668:"70204305",36694:"86ba26ad",36714:"3161abae",36777:"ee5aa43f",36868:"655166d8",36883:"17a72363",37300:"a8bdf45c",37503:"4ab0398e",37590:"82e14522",37704:"931bc5df",37739:"4606673d",37861:"aa9de769",37998:"02432bc2",38002:"dbe922e2",38098:"7c8e3a84",38130:"8e1c3820",38153:"ee23a8fa",38279:"36d618e1",38342:"bd2d47c3",38382:"e0bd7007",38429:"a0e472fa",38515:"5ff3a268",38590:"291ed7e2",38773:"8308f2a8",38774:"0ab7fd59",39063:"96adf0c9",39184:"ee90b394",39609:"d6af7eac",39652:"f41c482a",39781:"07872635",39840:"03cb115f",39880:"050ba86a",39945:"4912895e",39977:"ed45c656",40104:"ce9b4e6c",40300:"d17c7218",40363:"3a20fc02",40408:"b4330ade",40412:"a0001f40",40421:"9ce0d52c",40578:"ef843736",40613:"87c21496",40791:"924036e2",41021:"dcd3aece",41026:"919bbca3",41048:"4caaeed1",41119:"1e79e836",41232:"b8a1d405",41298:"7a48772b",41337:"cef85f93",41490:"dce01ba6",41550:"24822864",41600:"ec1b29e7",41606:"1b64a0d8",41713:"4465f3f4",41748:"ee132496",41797:"d50c8b36",41808:"6e2339a3",41843:"f6cd0622",41862:"e5410b04",41863:"ff544712",41910:"a95c314c",42060:"6fdad5b1",42184:"3f99d349",42213:"9fc77d0b",42293:"2ee93475",42384:"22182b2e",42408:"d3191987",42774:"507b20e6",42798:"00330344",42807:"e0fda9ba",42815:"ec4d7925",42900:"ac0a8f97",42908:"9840aed2",42936:"61fd2d56",42957:"de6418fa",42977:"a244750a",43075:"0637ca51",43240:"8d8cca45",43386:"066bffc2",43527:"b562101b",43567:"df931557",43570:"e00db7d4",43662:"62e53f6d",43690:"3eae6bae",43855:"f537f6fe",43991:"961c8d6a",44164:"1891be0c",44351:"1a21c04f",44437:"e41c7ef0",44442:"c5e9897d",44689:"a1d2ad0c",44913:"7a558425",45007:"54cbb85a",45182:"aa913a60",45403:"c9ec5194",45570:"6562b9b2",45585:"2db4181d",45621:"245cfdf9",45971:"3d125251",46003:"91db0141",46021:"a4f91589",46048:"8f4458a6",46103:"69de5a44",46150:"1c076a88",46203:"12697d9b",46225:"0706d01e",46265:"9d48ae86",46348:"443c1885",46406:"92679fdd",46436:"06382694",46442:"88b6e892",46596:"1d611864",46651:"1128c181",46705:"bef2ea33",46734:"c3c3a0a4",46762:"d0619d3b",46779:"c3ecb161",46878:"6fb931e5",46947:"9b9265af",46971:"29fdb728",47057:"847ada5e",47362:"0d108878",47484:"7d3493ff",47497:"68d7fd23",47532:"0173afed",47611:"90bca5f6",47618:"701a0551",47647:"a4b59634",48085:"92faac02",48100:"a088e7ff",48111:"c2ca6030",48440:"985dad1b",48441:"69fbf22c",48472:"6708c2e5",48527:"eb02368f",48610:"feeb8dc7",48772:"a88f32f2",48797:"1268b6c4",49201:"a7594aca",49277:"05e11747",49492:"b61e30f4",50030:"d5ed870b",50065:"7b658417",50154:"e52e1348",50155:"844afe79",50295:"898f5e3c",50475:"69ec2ad7",50536:"26ac8144",50566:"c3e125bf",50598:"1a33af0c",50682:"fc2bbbc5",50734:"f5372aa8",50786:"94dd79ba",50840:"934bb5d2",51157:"3582b996",51195:"5722c257",51232:"cf85cfae",51426:"b414372a",51519:"2ddaedff",51596:"297c26d8",51661:"ab5db16c",51701:"60d421cd",51770:"e07f727f",51893:"167165d1",52131:"c96ee793",52182:"dcfc77cf",52277:"238a1278",52303:"8b4e815d",52535:"2b82a630",52607:"3838edfb",52642:"62b14f08",52656:"8d0066cd",52685:"e8e8c17e",52908:"f264133e",52916:"d54528ef",52961:"75d1b4df",53015:"15e0d65d",53121:"bd2dfb2a",53237:"12970e31",53303:"fa36655f",53608:"b8afcdda",53711:"7045f7d7",53834:"274f492d",53978:"c3209811",54142:"0f358e7a",54197:"ad1cf17c",54257:"4e99c2b6",54369:"0d6ff9ca",54400:"89afc29d",54468:"f501395a",54495:"2329659d",54549:"90cd6d0a",54763:"d6d149cb",54768:"adfdb9ee",54779:"fe12d053",54797:"5c71db40",54868:"43c54987",54915:"263b5383",54993:"91510f5f",55183:"4afb8487",55374:"6f87a2a9",55395:"e39cceeb",55444:"e6a808e8",55458:"8f4e1fd4",55713:"dadb66df",55764:"e7d31d42",55791:"71e04fef",55817:"f698fdd9",56104:"f224e78e",56294:"643fb6cb",56345:"a8cb5489",56427:"88a471df",56454:"e0ef7626",56461:"6ffcd5f1",56630:"aad6846f",56779:"313d3b3e",56805:"011f9a61",56942:"15b4c01e",56948:"eb13f101",57205:"453d3b8d",57256:"2c302fe3",57365:"cd77fd7f",57456:"ce8e5c73",57523:"7986f0ac",57574:"30c94bb8",57740:"d571f1cb",57793:"13cd8f4f",57842:"436e8901",57891:"2aea4f0e",58139:"fe5f7c83",58231:"f7061b32",58253:"e10d281c",58255:"f456123e",58273:"6246135e",58349:"383e7dba",58494:"a3c91f55",58581:"cb59114b",58695:"36847346",58805:"5f4863f0",58821:"690f0dde",58886:"d03a700d",58967:"e3bfff41",59134:"39b6ac65",59300:"a53b83fd",59337:"c77ee5a0",59353:"6d8af524",59425:"ae539608",59525:"34c330df",59559:"4371aa71",59682:"b0479a1c",59694:"5959c540",59706:"eb7ac842",59726:"c290ca42",59814:"77686cb4",59825:"272ecf6c",59827:"2de6d0d0",60266:"49a9bd5a",60380:"6ac57077",60467:"1f0b9e09",60608:"01c2ce46",60780:"9495c495",60821:"64d2eae3",60930:"e23e8ea8",60996:"f04f5618",61157:"fd3de3a0",61213:"f1350e77",61265:"8e7c25cf",61337:"df600d5d",61554:"89ea185c",61581:"53e61a76",61708:"52875fd3",61763:"b534b2ee",61766:"0d6ec0f7",61846:"0d13a4cc",61890:"df2dcfa9",61931:"7d68e82e",61981:"a89cf658",62024:"b7ec0bb3",62109:"bf1989ca",62275:"174bdae9",62324:"4b534ee2",62543:"4a1b15c5",62693:"3e929917",62811:"a887c608",62974:"b9a543b3",63022:"6867ceb0",63048:"1cf9703b",63147:"cad0bd08",63299:"4b7f01aa",63376:"2e96170c",63410:"f503b52c",63434:"9018e3f6",63684:"2b83b0f7",63693:"cce4278f",63797:"075f705b",63905:"f6c4fbb2",63998:"faf088c7",64013:"47408ea8",64070:"8b7c91df",64247:"a8e023f5",64322:"1e8780e5",64325:"57859a67",64395:"8fa92a84",64411:"01e53c38",64600:"36221f82",64658:"a56cb96d",64748:"69f28e7f",64822:"1d25b787",64838:"4734156a",64854:"8264ccc2",64964:"d0414439",64967:"75921c03",64978:"383d3118",65051:"a595ef45",65161:"10bc7db1",65193:"f4875fa3",65301:"7553b6f3",65362:"3c470e71",65480:"7674fc21",65533:"8206358e",65540:"847de929",65548:"a559c231",65637:"66664bdc",65731:"2fc8a251",65754:"40996275",65839:"ea26ad80",65870:"9cb5da05",65878:"425a052c",66095:"53f0d6a9",66232:"4c02220a",66291:"4659c015",66342:"85255697",66377:"c06cc2b5",66513:"644c3372",66662:"6d07a943",66789:"1b9327d9",67036:"d83a6876",67060:"0b2f9400",67232:"fe4630cf",67301:"eacef02f",67356:"e7411f4c",67371:"54d17ba2",67431:"2d9c8a57",67570:"a912d835",67579:"daa8afe0",67581:"638f9bbf",67624:"2dd693f3",67764:"6705fdf9",67826:"f852d88c",67873:"dc960011",68418:"27a16d44",68493:"0c40016b",68540:"f332477c",68584:"ef0cac6b",68925:"c97c9855",68959:"94092423",69040:"cccba49c",69047:"8f87de4b",69078:"3e46606f",69164:"41fa3c89",69228:"fa2e6a84",69300:"7e705c90",69319:"dda81018",69320:"eeb5834b",69538:"05971b00",69593:"895b8a38",69678:"ae4afaf2",69796:"1b466ab9",69853:"bb0e8997",70163:"c9e4c4e2",70198:"46116597",70527:"20ad887d",70545:"e8051c9c",70714:"f03b155b",70772:"1239902f",70879:"5f73f442",71473:"68cc4272",71518:"48a998b7",71693:"ff1332e9",71848:"cb0d1f9d",71877:"fed30307",71878:"e37bdf0f",71916:"768a731d",71964:"54af46a7",72113:"d59b28b3",72147:"633d1373",72184:"15fb41dc",72447:"01b80165",72612:"a87ceb95",72629:"eadd44b9",72685:"5105ff07",72828:"aa1f07da",72829:"26a76f49",72868:"13f6e676",72938:"40d590c1",72985:"95fcf945",72992:"771fe17c",73167:"61796922",73407:"64f33247",73457:"33140d4c",73746:"0b9e2383",73805:"9cbb80df",73838:"61e6ec64",73860:"fd9df75f",74009:"1c9d42c4",74076:"718ac0fd",74107:"9f615b04",74296:"bf644a62",74423:"201cc6d6",74517:"3cea8a30",74556:"d1490399",74570:"0166a245",74595:"721f71e3",74703:"ee145dc3",74708:"6ad9f335",74713:"3ccf94fa",74891:"9596fdb6",74926:"e770c6c2",75092:"2aa2090a",75143:"05036a0e",75191:"98f22159",75223:"ff45c0cc",75257:"1d833078",75360:"a4adee3d",75601:"f115a355",75612:"e7a49797",75623:"52bef0f9",75884:"c5698ce9",75950:"53532520",76066:"a1dd8328",76194:"f6db6508",76311:"326ffe1a",76313:"6198d5c0",76420:"f556a572",76496:"264bce35",76638:"60bf0e5c",77078:"b2cf6936",77184:"9dcd8703",77248:"a18dbc2f",77333:"c92eb6a9",77340:"01a8d81e",77445:"f7d76f75",77467:"eb56212f",77492:"71bc818a",77503:"73f98799",77552:"e36b4b41",77667:"e5edad73",77752:"17e2ac1c",77763:"a01da5fe",77802:"cc00c9d3",77814:"cb9a6fca",77885:"00b46333",78010:"df577e49",78202:"871432e6",78325:"7e618213",78361:"00c04ba0",78442:"f1abe9df",78606:"040ca666",78658:"0b60f228",78673:"04b9d185",78740:"3b78e779",78861:"dcc00330",78923:"fc3660cc",79110:"87be014f",79178:"1dc96990",79346:"96ad859b",79355:"a1a459dc",79526:"ed45097e",79679:"9a75464e",79694:"7f503b64",79777:"2bfb73a9",79842:"f70e1c2b",79917:"255ee5de",79971:"1e550fba",79978:"51490c6f",80009:"348aab8f",80053:"210d0509",80145:"a334c14c",80316:"82ece6ba",80357:"e70b4219",80451:"33a05c65",80484:"a20124ce",80517:"062c5b4f",80881:"a8a9dda3",80912:"74508a41",80948:"c59e0944",81084:"da2db2e5",81100:"ceb6e5d1",81182:"f80d523a",81229:"bbaeb6ed",81357:"54a015ae",81560:"9da6af9b",81636:"b6d05944",81643:"23a6d571",81758:"ce84902f",81771:"1a87d58f",81804:"9119071a",81821:"2e47881e",81940:"b4eecf5c",81960:"fa113e2d",82120:"6ecca09e",82168:"3670f9b6",82329:"e40ca1cb",82344:"3ec8ed78",82347:"828a3a81",82478:"b08b65bf",82651:"6b8d3907",82654:"7e0e6ff8",82683:"abffd430",82763:"e92cb585",82935:"93f31ffb",82968:"1501c975",82977:"aed4cacd",83037:"4aa09de9",83050:"1b5bf1eb",83060:"e5047aa2",83066:"4dec174b",83153:"9e50b95f",83184:"9a863f7b",83217:"d9ceb584",83276:"3ac466b0",83323:"27a5f228",83532:"bdc47a20",83555:"f1c0c913",83590:"8e23d175",83669:"7bf91233",83827:"613cf5b5",83856:"dfd9052e",84143:"09d7f959",84288:"1d1680e4",84331:"71f78c10",84394:"c71cce47",84541:"b132fd3e",84606:"e6003652",84615:"563807c2",84723:"e9916021",84841:"5ff33789",85064:"9f31e02f",85330:"34264fb1",85350:"fe0f3b36",85511:"3bbf9d84",85765:"496d3230",85785:"88bd8437",85872:"d2a55b71",85957:"49a91d2e",85989:"33e0dd36",86007:"012d4f9f",86019:"e3ace10a",86341:"4e2b3c9d",86392:"6a1765dd",86478:"f0f57a20",86621:"5a12df2e",86754:"8a694d15",86847:"25f285bd",86849:"2d379837",86892:"e7cacf53",86905:"ecf2aa71",86925:"6f0cc4ca",86983:"0753903d",86997:"6d1edacb",87089:"8666f6f8",87097:"5be719eb",87199:"bc7247d1",87413:"4131835d",87659:"82b4e10b",87908:"f4dcf58d",88462:"a2d32b15",88746:"17b3e11f",88799:"d34bc748",89110:"6b6cf3e7",89120:"185c69c4",89213:"11922ac2",89243:"45098b59",89535:"f75b7800",89635:"5dc48be1",90069:"5f0f9e2c",90342:"8b87339f",90414:"56a13b94",90434:"49871b0d",90451:"79460c6f",90647:"e0257ef3",90673:"cf3d9b9d",90744:"685204a2",90874:"ce5f99f4",91024:"12f5809c",91043:"5d1e6230",91075:"2299303e",91550:"fe4db9f8",91577:"9dcc181b",91617:"24b5e497",91698:"67a26da1",91709:"856a3485",91835:"9d0603fe",91993:"c333fef1",92130:"0c4fd33e",92180:"25aea8ca",92341:"3313736f",92511:"967974ae",92711:"d536cac1",92901:"1925c49b",93009:"c236e494",93089:"0ffc3ed6",93116:"542a5298",93117:"1d7f73ee",93185:"396fd9e0",93323:"2459ecf3",93432:"d2bd78e6",93502:"642ed554",93549:"7a469e11",93614:"1ce1cfe1",93656:"34db1d79",93716:"07c6cd5c",93851:"9db598cc",93891:"f7799cf6",94012:"13d96263",94013:"66f0ab8d",94156:"e124ffd7",94176:"7f2c3bad",94235:"34d14fed",94243:"ca3b1310",94325:"bbba5a4d",94579:"13807da9",94881:"929ccd1d",94899:"77e51b95",94977:"74b8b4d6",95018:"5508fe6c",95051:"9f6e54d8",95142:"4ede1de5",95510:"9c14357e",95647:"531bfe2d",95654:"d3d9992f",95683:"0b571df1",95719:"43361bdf",96030:"1340c103",96075:"34cb5df7",96298:"b120f89e",96688:"145b6e12",96813:"34c4513d",96902:"7373dfa7",96979:"9a2f37a8",97006:"be953606",97120:"9a356a8b",97140:"f4681f86",97213:"51255189",97267:"397d1b9e",97357:"1c6cf103",97562:"ff1ab01d",97602:"8a16a535",97635:"07db27f7",97722:"1f13712f",97912:"2a26ddd0",97964:"f380e84b",98087:"269796d7",98258:"76b7f383",98437:"f9b6f3a9",98498:"29e3cb4e",98659:"fb4b7a92",98752:"a877c9dd",98807:"e755289d",98991:"ebaf99c8",99135:"da3a8f4d",99397:"6ed347a2",99554:"0bd32e57",99734:"544ccc39",99812:"3d6c8f72",99903:"f72c6883"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,d)=>Object.prototype.hasOwnProperty.call(e,d),a={},b="podman:",r.l=(e,d,c,f)=>{if(a[e])a[e].push(d);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),d)return d(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={15706790:"92511",17896441:"27918",18714417:"74009",20979765:"46596",27772462:"77184",42428214:"57891",50610133:"22092",52763308:"47532",53094378:"78861",56554851:"30763",57333199:"83066",65769068:"63797",76752974:"44164",84261676:"9784",89779929:"84288",90609308:"15921",91524627:"39945",91958274:"55374","300f4cd6":"21","795f3bdb":"109","15d0580c":"312","260a4a36":"747",c7567e98:"815","36e2d848":"925","18f6552f":"940",d3ca5c2e:"983","94dc7cfd":"1087",b5cde707:"1238",fc1fe8cd:"1310","5a7d75ff":"1358","6cda4436":"1416",b28576cd:"1438","78e22a47":"1488","6e48d5f2":"1514","5a638c7a":"1741","3e8d5da4":"1953","1e439a5b":"2077","6f8faf89":"2232","9cc26b9a":"2271",dcd93014:"2322",a500dec7:"2466","6d895060":"2467","1f1afc48":"2572","41bc5d3f":"2879",e7e456ae:"3007",b420e108:"3419","1431f569":"3465","88dfd727":"3694","2e0a315c":"3729","1b19517e":"4247","16b64f07":"4250","70365baa":"4336","0b13c270":"4358","08650cf2":"4714",e257e53c:"4847",e8f48e86:"4998","7bbfc3b6":"5166","3b4c1a08":"5215","00feb899":"5291","30983fb2":"5422",f41d5350:"5426","77a3d39e":"5481",b1a5927e:"5488",bf00a8d0:"5510",dfbccedb:"5569","9ec8eba6":"5774",dfcf29be:"6182","55e4d810":"6213","1ac601ec":"6380","2b956348":"6455","9f833be8":"6740",e30f1b57:"6795","98fbcf17":"7069","3da98dca":"7087","173771a7":"7096","2f0cfb14":"7319",b0998319:"7328",ad8204b4:"7383",a6195e9a:"7392",fbb59325:"7402",ed94db85:"7457",ccd53d21:"7659","993aa953":"7695","9482ce64":"7703",a4d3bfdf:"7741","8917ad4d":"7786",c41a9bbf:"7789","5757960c":"7800",d0a74388:"7811","2c65c31e":"7865",d45a981c:"7899","63c93610":"8007","6598a7ba":"8214",bcfd1a7d:"8243","687e20bc":"8298",ad85b1ef:"8338","8a33da19":"8523","03cfa6f7":"8654",f7385094:"8914","8dcf93dc":"8934",ad9bab9a:"9093",bd403acb:"9104","3706fe77":"9140","655adf18":"9546","8dd461fc":"9621","7e337a56":"9769","0619e1d5":"9887","370de2d9":"10149","12a06ad6":"10330",d19115d7:"10409","3e12f454":"10507",a4c05209:"10554",e6dd6da5:"10582",a3470c53:"10601","62314bb1":"10623",b6d3d2df:"10648","8d265025":"10654","23352ec4":"10704",e2da1f85:"10962",f6a9426b:"11177","7aa5df64":"11180","4f3516e2":"11274","1b267c09":"11310","9790f6d3":"11426",a6016a7e:"11618","5b09d46c":"11697","4f5d49a9":"11930",a1963bff:"11938","33212b4b":"12021",f031a327:"12026",a0e6b5c2:"12066","1d52074d":"12105",ce50ea2a:"12205","3f6be463":"12368",edbec64d:"12585","5457b00e":"12602",d5af26f4:"12603","3a435e54":"12658",c81b193a:"12681","7371e1a3":"12865","1c0e9aa0":"12882",f8b3aa78:"13056",a94ee45d:"13072",bc4d58a4:"13123","36d71838":"13245","3e264488":"13261",cb7043f0:"13344","7bde4295":"13460",edea3d23:"13575","00d5b134":"13581","90925eb7":"13634",c945ac6e:"13825","861f751b":"14007","71f012fd":"14050",c103f181:"14085","30269bac":"14640",fc06a125:"14873","080a77b8":"14986","879b8a59":"15062",f4774aa2:"15185","826eb956":"15316",ecc58e23:"15350","90e47a5b":"15574","915a4fec":"15651","995dbe35":"15709",a4cf8478:"15729",dd6e498d:"15736",dde9c6cc:"15771",e1bea0d2:"15979","23b969f8":"16186","126508e2":"16380",d8256cbb:"16684","8a8987ef":"16992","6ed3fb3b":"17104","1076f64b":"17541","672b3b49":"17634",ed200b07:"17994","64b2938c":"18083",e699d4d1:"18091",dc366153:"18233",af61538a:"18348",ab131112:"18503","84e59631":"18543",d20320e1:"18654","26684b7d":"18676","92b86d63":"18746","40f1cf9e":"18952","457b963a":"18975","7720bb24":"19096","40907c41":"19186",f56cf62c:"19336","6728c7a9":"19478",c4428c45:"19480","8e9960dc":"19509",e10d246f:"19599","37963c82":"19612",dfb5f0c7:"19720",d67039b7:"19840",fdfb486c:"20111",e2bf4803:"20119","868b8e17":"20686","6eed3feb":"20739","1cc400ce":"20769",acc03d12:"20898","34156d76":"21020","949f9e5c":"21022","8a5c65cb":"21054",c64c8a00:"21131",ecf397c5:"21290","7863a04f":"21307",a9af3507:"21411","6b670249":"21499","92e7b68f":"21511","2fd2ba7e":"21574",dec2802b:"21594",fec5c7d4:"21715",c6ca8e82:"21926","2ae252f9":"21994",bdf7d44f:"22035","07b2872f":"22036",f167b037:"22094",f42d2ef1:"22159",dcb471a6:"22348","58f46323":"22394","9a3d5681":"22498",a4f23293:"22502","1222082a":"22570","5e15c15b":"22609","3c116a82":"22681","42895aa9":"22697",eb29bc22:"22713","09772b34":"22965","15f6fe0f":"22970","146d05d7":"23169",b4ed5649:"23199",c283ece6:"23475",c9448d9e:"23486",f0de574e:"23521",eb3dc601:"23676",bff9d2be:"23719","175c78b3":"23910","3fa39283":"23915",d0fc3039:"24004","2132f2c8":"24174","0702198c":"24180",b6120ea9:"24212","833dfbe2":"24269","365269c3":"24276",cbf62e80:"24340","9cdc8175":"24349","20d73eb2":"24354",b02de59a:"24464",f98e13e4:"24720","7040ea16":"24920","77ff8c5f":"24930","27b2bedd":"25088","59476d7b":"25297","2ffafe2d":"25480",b00a96e0:"25561",fbf5a5bc:"25618",d33dc195:"25915","1b28acf9":"25929","2865d6a1":"26123","636ce216":"26283","526841b1":"26389","05d073aa":"26546","18ba6a46":"26571","22f788e4":"26583",d7924564:"26599",fe92c3c8:"26780","4ea5776c":"26824","9b14b78f":"27071",e43c6f85:"27103",c50c64c1:"27166",e93086c6:"27278",fa5a4d6d:"27339","8a77ded3":"27495","7ac58bfb":"27510",c709e528:"27785","2a769183":"28006",cbee0725:"28027",e5c15292:"28045","51a6b448":"28065",b8763a3d:"28109","3fdf6886":"28250",a73e6386:"28294","0a3ca7a0":"28424","41e2cb2a":"28427",fbc46c8d:"28528","3962ec11":"28600",a972ad3e:"28614","282850f5":"28621",bd9ea72b:"28706",b77b8c66:"28755","7a52780b":"29106","1c258b38":"29245","8bddd949":"29307","1be78505":"29514","6591a8d4":"29597","91d2db81":"29753","216a98d5":"29946","628c5638":"29969","07a41131":"29996",f2b72252:"30144","3151d179":"30433","0fc51021":"30836",dfea22ae:"30853","8c335d31":"30868",b52fa139:"31289",fb52e9b8:"31301",e6dd87aa:"31386","97f5f3c2":"31422","35eb483f":"31472","59c3a605":"31617","35265ade":"31626",cbd72529:"31671","1517121d":"31803",bc8b2a0c:"31809","08efe41f":"31921","03d0b641":"31967","7a4d057f":"32077","92103f47":"32263","5bc595e9":"32440",da36def6:"32535","69fd7c0e":"32663","8fd272bb":"32699",bd4362ca:"32764","759f5d40":"32809","4741f96c":"32810","70de5b5f":"32942",a4e49971:"33019",ce6ee837:"33040",e8d4cdb9:"33150",f6784245:"33191","93996e09":"33313","99dc4662":"33514","341b1c91":"33698","1e415b6f":"34049",cc549ae9:"34085","836ce71c":"34093",ce59b13f:"34176","3ad596a9":"34203",c4ffb2d2:"34224",f8990407:"34316",e3c905de:"34377","6d0e887d":"34682","078ca05e":"34740","9d708593":"34771",e9b5709f:"34967","913247ec":"34970","7c404f02":"34998","714a0345":"35119","7ac0181b":"35174","161a8a09":"35206",b3cc103d:"35223",d602a484:"35406","43947e47":"35542",f42f3bd8:"35638","3f324a56":"35674","284a080c":"35821",cfc90e78:"35839",e00fa61b:"35913",b49d70f9:"35995","0b3545e4":"36358","83ce496e":"36516","1d5b23e2":"36549","80a8b741":"36555",c968257b:"36668","4a506fa9":"36694","16b4412b":"36714",aa9d4f22:"36777",cca70ef7:"36868","077ee5ba":"36883","1f1b61b4":"37300","8887a228":"37503",c94d8736:"37590","5f6ea5d7":"37704","70ea087d":"37739","9bc8facc":"37861","4e5322cc":"37998","640423d2":"38002","99b17796":"38098",cd61fe91:"38130","9919686c":"38153","29a08e9a":"38279","1fd61002":"38342",e02565da:"38382",fb6c00a7:"38429","265621d8":"38515","29b0c18d":"38590","217d978d":"38773",d2eed707:"38774",f083362e:"39063",cefce2a2:"39184",c1660528:"39609",b0851ee2:"39652","7379db51":"39781","5447c5cf":"39840","1677abc3":"39880","30ad8f72":"39977","465a7087":"40104","1dcbf034":"40300",d3b3891b:"40363",d24baff8:"40408","2bd82a96":"40412","53d6371d":"40421","234e638a":"40578","59f2fdda":"40613","7259f1b1":"40791","90e6bfa4":"41021","4c5e3d0c":"41026","0a00aed9":"41048","1738210e":"41119",ea710672:"41232","969fec62":"41298","19e0fcb3":"41337",d449dcf1:"41490",fb6543cb:"41550",cb9e7599:"41600","5f3ec91d":"41606","6f23519e":"41713",b2974c0c:"41748",e9e146f9:"41797",f918b75b:"41808",d3ee8f76:"41843","7d20fe42":"41862","7820f9d0":"41863",cb0f9cfc:"41910","4c8bab11":"42060",e57902fd:"42184","42d74bd0":"42213","352fe4c2":"42293",f2b29f39:"42384","369767ab":"42408","56af85b5":"42774","4fbbeb6d":"42798","56e0102d":"42807","04c84ab7":"42815","461bbd2f":"42900","952453f2":"42908","8616380d":"42936","9ab9d50f":"42957","6b5f3f1c":"42977",cee81a32:"43075","6f717a16":"43240","619f4ce6":"43386",d9ff0d7c:"43527","7c224e35":"43567",f9f60325:"43570",e0085fac:"43662",f5855e91:"43690","0565c07f":"43855",c7c76429:"43991","4b04188a":"44351","03174832":"44437",ec8dee43:"44442","93f2b152":"44689","00f8cb14":"44913","649093c4":"45007","0befdadd":"45182","4fd18230":"45403","5f002f12":"45570","659951bd":"45585","456cfd32":"45621","5dbe590f":"45971",ca13f458:"46003",cf1ecaf1:"46021",ccc49370:"46103",d409a93e:"46150","8f876d16":"46203",bf3f6241:"46225","05e002f0":"46265","8e3c5f08":"46348",a70d2e82:"46406","32b646fc":"46436","88746a45":"46442","8ec6e829":"46651",f3740653:"46705","4a76d056":"46734",ac1eaa32:"46762","708daa68":"46779","7430a490":"46878",feb1236d:"46947",c377a04b:"46971","140f3dee":"47057",c617b3ad:"47362","244e56d5":"47484","51b3f280":"47497","9c8e56d0":"47611","7d2009bc":"47618",ab97ccc9:"47647","5bdb327e":"48085","9983579e":"48100","008e479d":"48111","0f92a9a8":"48440","2ea98982":"48441","005af5ea":"48472",bebebfab:"48527","6875c492":"48610","72cc6d1e":"48772",bfb74d34:"48797","2dd6b9ac":"49201","8a72ccb4":"49277","1c21ba58":"49492","29e3a43b":"50030",d3bd14d4:"50065","93ecf9d2":"50154",cf2b80f9:"50155","692db14d":"50295","199adf45":"50475","3ecf99f6":"50536","36fd6b31":"50566","5b418dd2":"50598","7455c1f8":"50682",a4ae065a:"50734","3b3d7813":"50786",b2fe1a56:"51157","92054cc8":"51232",cb97ded3:"51426",e957a797:"51519","3b10f148":"51596","5b1d965c":"51661","23091f88":"51701",f45be535:"51770",bf65740b:"51893","6dd1a436":"52131",ff85a2bf:"52182","46b1bedd":"52277","1398643a":"52303","814f3328":"52535","5cf52972":"52607","7a3cbbc1":"52642",d09cacbb:"52656","7fdede95":"52685",e830f50c:"52908","5183b70e":"52916","991a0614":"52961","0902dbf0":"53015","001e1716":"53121","1df93b7f":"53237","6e286be6":"53303","9e4087bc":"53608","1a5edc34":"53711",f24dcdab:"53834",cd4bceb7:"53978",c177c35c:"54142","6767fc64":"54197",f656ff8f:"54257",bc7ebba5:"54369",fae58180:"54400","4fe46fb7":"54468","52caa0fa":"54495",ae5766d7:"54549",f8085e57:"54763","04de07fa":"54768","79f1cb63":"54779","51e252e1":"54797",c0fac2c5:"54868","0602922c":"54915","0614adf5":"54993","52d10dde":"55183",e6bd1150:"55395","7f5a4972":"55444",e05e4f28:"55458",aeaca7a3:"55713",a55c14b2:"55764",e333f46c:"55791","63814cb7":"55817",f30c03b2:"56104",d7fd4a45:"56294",d7be0b9b:"56345","7313540a":"56427","747c87af":"56454","66766c59":"56461",deb891b7:"56630","1aba2a20":"56779","2c647459":"56805",c0a645c7:"56942","4a70cc0d":"56948",c4fd52e5:"57205",c9fea71a:"57256",ca20a8fe:"57365","7792adb1":"57456","770d309f":"57523","1cc46930":"57574",b0c2e5ed:"57740","59f6952c":"57793","4fdcd587":"57842",cfa87347:"58139",b6130486:"58231",b8678d1a:"58253","161712d6":"58255",bb28fa20:"58273","6f94884f":"58349","92228e60":"58494",a5b4528c:"58581","89f437f7":"58695","6ff39321":"58805","46886cb0":"58821",a3ee450e:"58886",bbf3cda5:"58967",dac8816f:"59134","453c4055":"59300","2a592757":"59337","18f289aa":"59353","316e84de":"59425",ea5ecbc5:"59525",f5d6dd48:"59559",f67e3aa3:"59682",fb22e237:"59694","2cd08dad":"59706",b878c13e:"59726","01d5614e":"59814","8a703bd1":"59825","047e6a26":"59827","4bf67133":"60266",eb9d40ec:"60380","03118738":"60467",a9e69a82:"60608",d5bfda9e:"60780",daab0409:"60821","3b1282ea":"60930","4bdadcb4":"60996",dff31f53:"61157","190acd9c":"61213","053d7e42":"61265",db189e95:"61337",f4d442d5:"61554","53470b9e":"61581","08d52cd0":"61708","076802e0":"61763","16029c63":"61766","1170c774":"61846","481cb13b":"61890","4e8ec2d5":"61931","24e002ac":"61981","5f058c77":"62024","3488fd6c":"62109","5837c87c":"62275","06d6451e":"62324","9c92bc77":"62543","9d79cf0f":"62693",b4cdaeff:"62811",fafc9877:"62974","4db9da1d":"63022","49fd035e":"63048",b90f1cd1:"63147",f70b5741:"63299","8765036c":"63376","70c58991":"63410",f83dc955:"63434",bf342a85:"63684",ce7dab8e:"63693","6acab07e":"63905",fc3f47a8:"63998","01a85c17":"64013","3cc8df7b":"64070","752e02a7":"64247","22d1e350":"64322","0da6392e":"64325","65a1b790":"64395","74b3ebbb":"64411","9f2791cf":"64600",bf7df328:"64658","95446c39":"64748",ac3a39d8:"64822",ad8e7dcc:"64838","72457b75":"64854",bc300906:"64964","4ab0658f":"64967","08d58ed6":"64978",c10b9920:"65051","5a44e4dd":"65161",eb5c7b0a:"65193","8731dd32":"65301",bb0c4597:"65362",eb5263e4:"65480","4e6ed8f3":"65533","783edba4":"65540",d6487ff7:"65548","79c12c19":"65637",cfbe9d8e:"65731","47bafca7":"65754","75fb7ff2":"65839","02ec521e":"65870",ef25bb1f:"65878",d7245e62:"66095","9a544e45":"66232","18c538ec":"66291",a59e0362:"66342",a530b0d2:"66377","00b87587":"66513",b5430557:"66662",b46e9e7c:"66789","1055a711":"67036","3ed7e301":"67060","019131da":"67232","20a75fd7":"67301","1ddde341":"67356","3d57ba44":"67371",a90d1c60:"67431",d9f8802d:"67570",b3089a88:"67579","84090fe9":"67581","4b415865":"67624","4a41c9ed":"67764",adcbe9eb:"67826",df12da97:"67873","7d1e7a7c":"68418",fce9c71b:"68493",d553c684:"68540",d9a4e4a9:"68925","9abfca86":"68959","2c2bdd6a":"69040","78aa31c9":"69047","2b1e53d2":"69078","4d635c76":"69164",f14b45bb:"69228","2628b79f":"69300","170c3def":"69319","0965286a":"69320","36b5d89b":"69538",e527a4fd:"69593",e8df2429:"69678","65d527ac":"69796",d9dc158b:"69853",f17a645b:"70163","8d2190cc":"70198","8ccefe70":"70527","276a35f2":"70545","1dc9c973":"70714",b8ce7dc9:"70772",eb51026c:"70879",c93a2b7b:"71473",e4d0a9b4:"71518",a2baab9e:"71693",d58b9252:"71848","1a52eae7":"71877","3ad228ae":"71878",fda8821a:"71916",b58e0449:"71964",d719ccc2:"72113",c0ed6d96:"72147","4ef7ce65":"72184","05c17326":"72447",eca036a7:"72612","0d8d3350":"72629","4c601101":"72685",c3ab2f20:"72828","66bc78fc":"72829",a3937ff1:"72868",d705183c:"72938",fb6d9ef4:"72985",d9ebdac2:"72992","1b42d056":"73167",fc05bc09:"73407",cc63c88a:"73457","8ee976c2":"73746",cf896737:"73805","3b42de7a":"73838","78e0e367":"73860",cab9a096:"74076","830fd0bf":"74107",ab9a051c:"74296",cffa70f7:"74423","48f8f874":"74517","78dce1fd":"74556","625eab23":"74570","38dfefea":"74595",e0a79853:"74703","0bb7bcfa":"74708","330ac9fe":"74713","522cb5d3":"74891","1d40ab52":"74926","40c869fc":"75092",b17755e4:"75143","192ae610":"75191",c9f8f6c0:"75223",c50a9231:"75257",ed642a45:"75360","4e291c72":"75601",f49d7908:"75612","5d01a869":"75623","3e3d3813":"75884","32828b2c":"75950","38dc8bc1":"76066","342f8f1b":"76194",fc150fa2:"76311",b505846c:"76313",d8f8ea8f:"76420",fd333703:"76496","103f9e04":"76638","8cd80816":"77078","226b0cb1":"77248","0142e598":"77333","890438e0":"77340",f2a4f782:"77445","1608ab0c":"77467",bd753016:"77492","7566cda2":"77503","91d6c0c4":"77552",c087d33b:"77667","371c68ed":"77752",c20a5dd8:"77763","73c0098d":"77802","8f0d52a3":"77814",efe6b3fa:"77885","08cd2194":"78010","474899f0":"78202",d924c453:"78325","6a78568e":"78361","550fad1a":"78442",a1fbca1b:"78606","1855c9f4":"78658",c6aea3f1:"78673",ec887574:"78740",d1f0e4b8:"78923","56d060ef":"79110","5d8dde6e":"79178","5fd3099d":"79346","16304c1d":"79355","3da507b6":"79526","63831db4":"79679",fc1959c7:"79694","7f1215b4":"79777","5e2a7dec":"79842",f92f7190:"79917",ea2a8a2b:"79971",cde6b8a6:"79978","5f2498b2":"80009","935f2afb":"80053","14706c8b":"80145","42705cec":"80316","05827d53":"80357","14fe5d11":"80451",e2c6734d:"80484","8855d2b7":"80517",ca5cb613:"80881",e656dc47:"80912","6525da2f":"80948",aab4c406:"81084","0899fb24":"81100","6baa2cef":"81182","40616ef9":"81229","173f7963":"81357","5eb6fbed":"81560","558e1c6c":"81636",bab8d2c4:"81643","3a836242":"81758","20643d6a":"81771",bf0e441c:"81804",fd8b739b:"81821",d96ceb02:"81940","74376b51":"81960","3923cff6":"82120","0904ab64":"82168","9107ea31":"82329","3e21b64c":"82344","56d960a3":"82347","7c5fdb97":"82478","853e4057":"82651","2456a5e0":"82654",ec9ce0b9:"82683","6cc9d60c":"82763",ce73e545:"82935",cc020efe:"82968",b768cbd4:"82977","1aa3183d":"83037","236783c9":"83050","8a3cf0bc":"83060","915b42ac":"83153","912ede02":"83184","3b8c55ea":"83217",c8a30dcb:"83276",e7e3539d:"83323",a05ad5a3:"83532",b4edc141:"83555","610c6209":"83590","0ca5e369":"83669",a6b4f274:"83827","9ec43235":"83856","0984e7b7":"84143",b8ae24ba:"84331",d4054b0c:"84394","2d11d1c7":"84541","381d9cc2":"84606","511f43e7":"84615",efc92035:"84723",bb002237:"84841",eba3cb06:"85064","4121ff2e":"85330","346c6f31":"85350","096b53d1":"85511",d3ac05e9:"85765",d39f4c6a:"85785",a32b9391:"85872","3d23d174":"85957","8a69729c":"85989","61ac022e":"86007","5665fc6b":"86019",e4627f95:"86341","95b4e82b":"86392","9e8974f2":"86478","2f9a61f7":"86621","4ed45869":"86754",defea45c:"86847","57b59cd4":"86849",e5249a91:"86892",e59cf075:"86905","0c4492b5":"86925","843d5c9d":"86983","813b8b2b":"86997","532cc112":"87089","535a9867":"87097",e08ad4e2:"87199","826a4450":"87413","003bd65f":"87659","673cfd93":"87908","5c098672":"88462","6bfb1f3b":"88746","119399a8":"88799","3ab60fbf":"89110",a89101e8:"89120","5b1b9265":"89213","9ceb8545":"89243","8a2021db":"89535","306e9acb":"89635",b809a965:"90069","67a3f72d":"90342",fa02121a:"90414","611ed0af":"90434","251e224c":"90451","9a147845":"90647",a618be25:"90673","1095b338":"90744",d01ce3bc:"90874",bf01e4e0:"91024","5eb60198":"91043","7f7d57e5":"91075","4b535752":"91550",aab66baf:"91577","08b38161":"91617",d41cac77:"91698","7675a0fe":"91709",baf595e3:"91835","3c5e5778":"91993","88d474ce":"92130","9f5a94da":"92180","5c2c8950":"92341",e19ba590:"92711","462cb3ee":"92901",ec0bc416:"93009",a6aa9e1f:"93089","77d972d9":"93116","5f593e60":"93117","799df3c7":"93185","0756af21":"93323","23d9fe45":"93432","62c56f8b":"93502",bb1699c9:"93549",ea480a96:"93614","22bf71e8":"93656","3fa77eb9":"93716","4aebba5d":"93851","6a545a3d":"93891","15960ad5":"94012","38d8ce0a":"94013","36a4e4f0":"94156",a793e2e1:"94176","8d66cedd":"94235",f3d6bf7d:"94243","259d4bd8":"94325",c07ebe24:"94579",f24deb99:"94881","222f68c8":"94899","98a7b080":"94977","45ca2515":"95018","1c05226e":"95051","07fcb413":"95142","266461e3":"95510","9b6133b9":"95647",dc648997:"95654","32f482e1":"95683","93946e0a":"95719","00f5d06d":"96030","83e792f1":"96075","1c3c8be8":"96298",a22ed5e4:"96688","7c409bae":"96813","1608665e":"96902","737abd23":"96979","7fb7e253":"97006","0752e30e":"97120","0462cff2":"97140",d8ef6140:"97213","4b385260":"97267","28d6087e":"97357",afacbea5:"97562",c6bc47df:"97602",cd0c0b67:"97635","7350c59a":"97722","7f9606e9":"97912","7ab81c4a":"97964","3d4ef3a7":"98087",d7e0d0e7:"98258","60e1e52f":"98437","32e847b8":"98498","97bdec26":"98659",af1a53b7:"98752","9b9ccd3e":"98807","4593cc08":"98991",b5c078ab:"99135","659dff9c":"99397","2b4e7f11":"99554","7bff08c9":"99734","285fd50d":"99812",a4707478:"99903"}[e]||e,r.p+r.u(e)},(()=>{var e={51303:0,40532:0};r.f.j=(d,c)=>{var a=r.o(e,d)?e[d]:void 0;if(0!==a)if(a)c.push(a[2]);else if(/^(40532|51303)$/.test(d))e[d]=0;else{var b=new Promise(((c,b)=>a=e[d]=[c,b]));c.push(a[2]=b);var f=r.p+r.u(d),t=new Error;r.l(f,(c=>{if(r.o(e,d)&&(0!==(a=e[d])&&(e[d]=void 0),a)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+d+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,a[1](t)}}),"chunk-"+d,d)}},r.O.j=d=>0===e[d];var d=(d,c)=>{var a,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((d=>0!==e[d]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(d&&d(c);n{"use strict";var e,d,c,a,b,f={},t={};function r(e){var d=t[e];if(void 0!==d)return d.exports;var c=t[e]={id:e,loaded:!1,exports:{}};return f[e].call(c.exports,c,c.exports,r),c.loaded=!0,c.exports}r.m=f,r.c=t,e=[],r.O=(d,c,a,b)=>{if(!c){var f=1/0;for(i=0;i=b)&&Object.keys(r.O).every((e=>r.O[e](c[o])))?c.splice(o--,1):(t=!1,b0&&e[i-1][2]>b;i--)e[i]=e[i-1];e[i]=[c,a,b]},r.n=e=>{var d=e&&e.__esModule?()=>e.default:()=>e;return r.d(d,{a:d}),d},c=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,r.t=function(e,a){if(1&a&&(e=this(e)),8&a)return e;if("object"==typeof e&&e){if(4&a&&e.__esModule)return e;if(16&a&&"function"==typeof e.then)return e}var b=Object.create(null);r.r(b);var f={};d=d||[null,c({}),c([]),c(c)];for(var t=2&a&&e;"object"==typeof t&&!~d.indexOf(t);t=c(t))Object.getOwnPropertyNames(t).forEach((d=>f[d]=()=>e[d]));return f.default=()=>e,r.d(b,f),b},r.d=(e,d)=>{for(var c in d)r.o(d,c)&&!r.o(e,c)&&Object.defineProperty(e,c,{enumerable:!0,get:d[c]})},r.f={},r.e=e=>Promise.all(Object.keys(r.f).reduce(((d,c)=>(r.f[c](e,d),d)),[])),r.u=e=>"assets/js/"+({21:"300f4cd6",109:"795f3bdb",312:"15d0580c",747:"260a4a36",815:"c7567e98",925:"36e2d848",940:"18f6552f",983:"d3ca5c2e",1087:"94dc7cfd",1238:"b5cde707",1310:"fc1fe8cd",1358:"5a7d75ff",1416:"6cda4436",1438:"b28576cd",1488:"78e22a47",1514:"6e48d5f2",1741:"5a638c7a",1953:"3e8d5da4",2077:"1e439a5b",2232:"6f8faf89",2271:"9cc26b9a",2322:"dcd93014",2466:"a500dec7",2467:"6d895060",2572:"1f1afc48",2879:"41bc5d3f",3007:"e7e456ae",3419:"b420e108",3465:"1431f569",3694:"88dfd727",3729:"2e0a315c",4247:"1b19517e",4250:"16b64f07",4336:"70365baa",4358:"0b13c270",4714:"08650cf2",4847:"e257e53c",4998:"e8f48e86",5166:"7bbfc3b6",5215:"3b4c1a08",5291:"00feb899",5422:"30983fb2",5426:"f41d5350",5481:"77a3d39e",5488:"b1a5927e",5510:"bf00a8d0",5569:"dfbccedb",5774:"9ec8eba6",6182:"dfcf29be",6213:"55e4d810",6380:"1ac601ec",6455:"2b956348",6740:"9f833be8",6795:"e30f1b57",7069:"98fbcf17",7087:"3da98dca",7096:"173771a7",7319:"2f0cfb14",7328:"b0998319",7383:"ad8204b4",7392:"a6195e9a",7402:"fbb59325",7457:"ed94db85",7659:"ccd53d21",7695:"993aa953",7703:"9482ce64",7741:"a4d3bfdf",7786:"8917ad4d",7789:"c41a9bbf",7800:"5757960c",7811:"d0a74388",7865:"2c65c31e",7899:"d45a981c",8007:"63c93610",8214:"6598a7ba",8243:"bcfd1a7d",8298:"687e20bc",8338:"ad85b1ef",8523:"8a33da19",8654:"03cfa6f7",8914:"f7385094",8934:"8dcf93dc",9093:"ad9bab9a",9104:"bd403acb",9140:"3706fe77",9546:"655adf18",9621:"8dd461fc",9769:"7e337a56",9784:"84261676",9887:"0619e1d5",10149:"370de2d9",10330:"12a06ad6",10409:"d19115d7",10507:"3e12f454",10554:"a4c05209",10582:"e6dd6da5",10601:"a3470c53",10623:"62314bb1",10648:"b6d3d2df",10654:"8d265025",10704:"23352ec4",10962:"e2da1f85",11177:"f6a9426b",11180:"7aa5df64",11274:"4f3516e2",11310:"1b267c09",11426:"9790f6d3",11618:"a6016a7e",11697:"5b09d46c",11930:"4f5d49a9",11938:"a1963bff",12021:"33212b4b",12026:"f031a327",12066:"a0e6b5c2",12105:"1d52074d",12205:"ce50ea2a",12368:"3f6be463",12585:"edbec64d",12602:"5457b00e",12603:"d5af26f4",12658:"3a435e54",12681:"c81b193a",12865:"7371e1a3",12882:"1c0e9aa0",13056:"f8b3aa78",13072:"a94ee45d",13123:"bc4d58a4",13245:"36d71838",13261:"3e264488",13344:"cb7043f0",13460:"7bde4295",13575:"edea3d23",13581:"00d5b134",13634:"90925eb7",13825:"c945ac6e",14007:"861f751b",14050:"71f012fd",14085:"c103f181",14640:"30269bac",14873:"fc06a125",14986:"080a77b8",15062:"879b8a59",15185:"f4774aa2",15316:"826eb956",15350:"ecc58e23",15574:"90e47a5b",15651:"915a4fec",15709:"995dbe35",15729:"a4cf8478",15736:"dd6e498d",15771:"dde9c6cc",15921:"90609308",15979:"e1bea0d2",16186:"23b969f8",16380:"126508e2",16684:"d8256cbb",16992:"8a8987ef",17104:"6ed3fb3b",17541:"1076f64b",17634:"672b3b49",17994:"ed200b07",18083:"64b2938c",18091:"e699d4d1",18233:"dc366153",18348:"af61538a",18503:"ab131112",18543:"84e59631",18654:"d20320e1",18676:"26684b7d",18746:"92b86d63",18952:"40f1cf9e",18975:"457b963a",19096:"7720bb24",19186:"40907c41",19336:"f56cf62c",19478:"6728c7a9",19480:"c4428c45",19509:"8e9960dc",19599:"e10d246f",19612:"37963c82",19720:"dfb5f0c7",19840:"d67039b7",20111:"fdfb486c",20119:"e2bf4803",20686:"868b8e17",20739:"6eed3feb",20769:"1cc400ce",20898:"acc03d12",21020:"34156d76",21022:"949f9e5c",21054:"8a5c65cb",21131:"c64c8a00",21290:"ecf397c5",21307:"7863a04f",21411:"a9af3507",21499:"6b670249",21511:"92e7b68f",21574:"2fd2ba7e",21594:"dec2802b",21715:"fec5c7d4",21926:"c6ca8e82",21994:"2ae252f9",22035:"bdf7d44f",22036:"07b2872f",22092:"50610133",22094:"f167b037",22159:"f42d2ef1",22348:"dcb471a6",22394:"58f46323",22498:"9a3d5681",22502:"a4f23293",22570:"1222082a",22609:"5e15c15b",22681:"3c116a82",22697:"42895aa9",22713:"eb29bc22",22965:"09772b34",22970:"15f6fe0f",23169:"146d05d7",23199:"b4ed5649",23475:"c283ece6",23486:"c9448d9e",23521:"f0de574e",23676:"eb3dc601",23719:"bff9d2be",23910:"175c78b3",23915:"3fa39283",24004:"d0fc3039",24174:"2132f2c8",24180:"0702198c",24212:"b6120ea9",24269:"833dfbe2",24276:"365269c3",24340:"cbf62e80",24349:"9cdc8175",24354:"20d73eb2",24464:"b02de59a",24720:"f98e13e4",24920:"7040ea16",24930:"77ff8c5f",25088:"27b2bedd",25297:"59476d7b",25480:"2ffafe2d",25561:"b00a96e0",25618:"fbf5a5bc",25915:"d33dc195",25929:"1b28acf9",26123:"2865d6a1",26283:"636ce216",26389:"526841b1",26546:"05d073aa",26571:"18ba6a46",26583:"22f788e4",26599:"d7924564",26780:"fe92c3c8",26824:"4ea5776c",27071:"9b14b78f",27103:"e43c6f85",27166:"c50c64c1",27278:"e93086c6",27339:"fa5a4d6d",27495:"8a77ded3",27510:"7ac58bfb",27785:"c709e528",27918:"17896441",28006:"2a769183",28027:"cbee0725",28045:"e5c15292",28065:"51a6b448",28109:"b8763a3d",28250:"3fdf6886",28294:"a73e6386",28424:"0a3ca7a0",28427:"41e2cb2a",28528:"fbc46c8d",28600:"3962ec11",28614:"a972ad3e",28621:"282850f5",28706:"bd9ea72b",28755:"b77b8c66",29106:"7a52780b",29245:"1c258b38",29307:"8bddd949",29514:"1be78505",29597:"6591a8d4",29753:"91d2db81",29946:"216a98d5",29969:"628c5638",29996:"07a41131",30144:"f2b72252",30433:"3151d179",30763:"56554851",30836:"0fc51021",30853:"dfea22ae",30868:"8c335d31",31289:"b52fa139",31301:"fb52e9b8",31386:"e6dd87aa",31422:"97f5f3c2",31472:"35eb483f",31617:"59c3a605",31626:"35265ade",31671:"cbd72529",31803:"1517121d",31809:"bc8b2a0c",31921:"08efe41f",31967:"03d0b641",32077:"7a4d057f",32263:"92103f47",32440:"5bc595e9",32535:"da36def6",32663:"69fd7c0e",32699:"8fd272bb",32764:"bd4362ca",32809:"759f5d40",32810:"4741f96c",32942:"70de5b5f",33019:"a4e49971",33040:"ce6ee837",33150:"e8d4cdb9",33191:"f6784245",33313:"93996e09",33514:"99dc4662",33698:"341b1c91",34049:"1e415b6f",34085:"cc549ae9",34093:"836ce71c",34176:"ce59b13f",34203:"3ad596a9",34224:"c4ffb2d2",34316:"f8990407",34377:"e3c905de",34682:"6d0e887d",34740:"078ca05e",34771:"9d708593",34967:"e9b5709f",34970:"913247ec",34998:"7c404f02",35119:"714a0345",35174:"7ac0181b",35206:"161a8a09",35223:"b3cc103d",35406:"d602a484",35542:"43947e47",35638:"f42f3bd8",35674:"3f324a56",35821:"284a080c",35839:"cfc90e78",35913:"e00fa61b",35995:"b49d70f9",36358:"0b3545e4",36516:"83ce496e",36549:"1d5b23e2",36555:"80a8b741",36668:"c968257b",36694:"4a506fa9",36714:"16b4412b",36777:"aa9d4f22",36868:"cca70ef7",36883:"077ee5ba",37300:"1f1b61b4",37503:"8887a228",37590:"c94d8736",37704:"5f6ea5d7",37739:"70ea087d",37861:"9bc8facc",37998:"4e5322cc",38002:"640423d2",38098:"99b17796",38130:"cd61fe91",38153:"9919686c",38279:"29a08e9a",38342:"1fd61002",38382:"e02565da",38429:"fb6c00a7",38515:"265621d8",38590:"29b0c18d",38773:"217d978d",38774:"d2eed707",39063:"f083362e",39184:"cefce2a2",39609:"c1660528",39652:"b0851ee2",39781:"7379db51",39840:"5447c5cf",39880:"1677abc3",39945:"91524627",39977:"30ad8f72",40104:"465a7087",40300:"1dcbf034",40363:"d3b3891b",40408:"d24baff8",40412:"2bd82a96",40421:"53d6371d",40578:"234e638a",40613:"59f2fdda",40791:"7259f1b1",41021:"90e6bfa4",41026:"4c5e3d0c",41048:"0a00aed9",41119:"1738210e",41232:"ea710672",41298:"969fec62",41337:"19e0fcb3",41490:"d449dcf1",41550:"fb6543cb",41600:"cb9e7599",41606:"5f3ec91d",41713:"6f23519e",41748:"b2974c0c",41797:"e9e146f9",41808:"f918b75b",41843:"d3ee8f76",41862:"7d20fe42",41863:"7820f9d0",41910:"cb0f9cfc",42060:"4c8bab11",42184:"e57902fd",42213:"42d74bd0",42293:"352fe4c2",42384:"f2b29f39",42408:"369767ab",42774:"56af85b5",42798:"4fbbeb6d",42807:"56e0102d",42815:"04c84ab7",42900:"461bbd2f",42908:"952453f2",42936:"8616380d",42957:"9ab9d50f",42977:"6b5f3f1c",43075:"cee81a32",43240:"6f717a16",43386:"619f4ce6",43527:"d9ff0d7c",43567:"7c224e35",43570:"f9f60325",43662:"e0085fac",43690:"f5855e91",43855:"0565c07f",43991:"c7c76429",44164:"76752974",44351:"4b04188a",44437:"03174832",44442:"ec8dee43",44689:"93f2b152",44913:"00f8cb14",45007:"649093c4",45182:"0befdadd",45403:"4fd18230",45570:"5f002f12",45585:"659951bd",45621:"456cfd32",45971:"5dbe590f",46003:"ca13f458",46021:"cf1ecaf1",46103:"ccc49370",46150:"d409a93e",46203:"8f876d16",46225:"bf3f6241",46265:"05e002f0",46348:"8e3c5f08",46406:"a70d2e82",46436:"32b646fc",46442:"88746a45",46596:"20979765",46651:"8ec6e829",46705:"f3740653",46734:"4a76d056",46762:"ac1eaa32",46779:"708daa68",46878:"7430a490",46947:"feb1236d",46971:"c377a04b",47057:"140f3dee",47362:"c617b3ad",47484:"244e56d5",47497:"51b3f280",47532:"52763308",47611:"9c8e56d0",47618:"7d2009bc",47647:"ab97ccc9",48085:"5bdb327e",48100:"9983579e",48111:"008e479d",48440:"0f92a9a8",48441:"2ea98982",48472:"005af5ea",48527:"bebebfab",48610:"6875c492",48772:"72cc6d1e",48797:"bfb74d34",49201:"2dd6b9ac",49277:"8a72ccb4",49492:"1c21ba58",50030:"29e3a43b",50065:"d3bd14d4",50154:"93ecf9d2",50155:"cf2b80f9",50295:"692db14d",50475:"199adf45",50536:"3ecf99f6",50566:"36fd6b31",50598:"5b418dd2",50682:"7455c1f8",50734:"a4ae065a",50786:"3b3d7813",51157:"b2fe1a56",51232:"92054cc8",51426:"cb97ded3",51519:"e957a797",51596:"3b10f148",51661:"5b1d965c",51701:"23091f88",51770:"f45be535",51893:"bf65740b",52131:"6dd1a436",52182:"ff85a2bf",52277:"46b1bedd",52303:"1398643a",52535:"814f3328",52607:"5cf52972",52642:"7a3cbbc1",52656:"d09cacbb",52685:"7fdede95",52908:"e830f50c",52916:"5183b70e",52961:"991a0614",53015:"0902dbf0",53121:"001e1716",53237:"1df93b7f",53303:"6e286be6",53608:"9e4087bc",53711:"1a5edc34",53834:"f24dcdab",53978:"cd4bceb7",54142:"c177c35c",54197:"6767fc64",54257:"f656ff8f",54369:"bc7ebba5",54400:"fae58180",54468:"4fe46fb7",54495:"52caa0fa",54549:"ae5766d7",54763:"f8085e57",54768:"04de07fa",54779:"79f1cb63",54797:"51e252e1",54868:"c0fac2c5",54915:"0602922c",54993:"0614adf5",55183:"52d10dde",55374:"91958274",55395:"e6bd1150",55444:"7f5a4972",55458:"e05e4f28",55713:"aeaca7a3",55764:"a55c14b2",55791:"e333f46c",55817:"63814cb7",56104:"f30c03b2",56294:"d7fd4a45",56345:"d7be0b9b",56427:"7313540a",56454:"747c87af",56461:"66766c59",56630:"deb891b7",56779:"1aba2a20",56805:"2c647459",56942:"c0a645c7",56948:"4a70cc0d",57205:"c4fd52e5",57256:"c9fea71a",57365:"ca20a8fe",57456:"7792adb1",57523:"770d309f",57574:"1cc46930",57740:"b0c2e5ed",57793:"59f6952c",57842:"4fdcd587",57891:"42428214",58139:"cfa87347",58231:"b6130486",58253:"b8678d1a",58255:"161712d6",58273:"bb28fa20",58349:"6f94884f",58494:"92228e60",58581:"a5b4528c",58695:"89f437f7",58805:"6ff39321",58821:"46886cb0",58886:"a3ee450e",58967:"bbf3cda5",59134:"dac8816f",59300:"453c4055",59337:"2a592757",59353:"18f289aa",59425:"316e84de",59525:"ea5ecbc5",59559:"f5d6dd48",59682:"f67e3aa3",59694:"fb22e237",59706:"2cd08dad",59726:"b878c13e",59814:"01d5614e",59825:"8a703bd1",59827:"047e6a26",60266:"4bf67133",60380:"eb9d40ec",60467:"03118738",60608:"a9e69a82",60780:"d5bfda9e",60821:"daab0409",60930:"3b1282ea",60996:"4bdadcb4",61157:"dff31f53",61213:"190acd9c",61265:"053d7e42",61337:"db189e95",61554:"f4d442d5",61581:"53470b9e",61708:"08d52cd0",61763:"076802e0",61766:"16029c63",61846:"1170c774",61890:"481cb13b",61931:"4e8ec2d5",61981:"24e002ac",62024:"5f058c77",62109:"3488fd6c",62275:"5837c87c",62324:"06d6451e",62543:"9c92bc77",62693:"9d79cf0f",62811:"b4cdaeff",62974:"fafc9877",63022:"4db9da1d",63048:"49fd035e",63147:"b90f1cd1",63299:"f70b5741",63376:"8765036c",63410:"70c58991",63434:"f83dc955",63684:"bf342a85",63693:"ce7dab8e",63797:"65769068",63905:"6acab07e",63998:"fc3f47a8",64013:"01a85c17",64070:"3cc8df7b",64247:"752e02a7",64322:"22d1e350",64325:"0da6392e",64395:"65a1b790",64411:"74b3ebbb",64600:"9f2791cf",64658:"bf7df328",64748:"95446c39",64822:"ac3a39d8",64838:"ad8e7dcc",64854:"72457b75",64964:"bc300906",64967:"4ab0658f",64978:"08d58ed6",65051:"c10b9920",65161:"5a44e4dd",65193:"eb5c7b0a",65301:"8731dd32",65362:"bb0c4597",65480:"eb5263e4",65533:"4e6ed8f3",65540:"783edba4",65548:"d6487ff7",65637:"79c12c19",65731:"cfbe9d8e",65754:"47bafca7",65839:"75fb7ff2",65870:"02ec521e",65878:"ef25bb1f",66095:"d7245e62",66232:"9a544e45",66291:"18c538ec",66342:"a59e0362",66377:"a530b0d2",66513:"00b87587",66662:"b5430557",66789:"b46e9e7c",67036:"1055a711",67060:"3ed7e301",67232:"019131da",67301:"20a75fd7",67356:"1ddde341",67371:"3d57ba44",67431:"a90d1c60",67570:"d9f8802d",67579:"b3089a88",67581:"84090fe9",67624:"4b415865",67764:"4a41c9ed",67826:"adcbe9eb",67873:"df12da97",68418:"7d1e7a7c",68493:"fce9c71b",68540:"d553c684",68925:"d9a4e4a9",68959:"9abfca86",69040:"2c2bdd6a",69047:"78aa31c9",69078:"2b1e53d2",69164:"4d635c76",69228:"f14b45bb",69300:"2628b79f",69319:"170c3def",69320:"0965286a",69538:"36b5d89b",69593:"e527a4fd",69678:"e8df2429",69796:"65d527ac",69853:"d9dc158b",70163:"f17a645b",70198:"8d2190cc",70527:"8ccefe70",70545:"276a35f2",70714:"1dc9c973",70772:"b8ce7dc9",70879:"eb51026c",71473:"c93a2b7b",71518:"e4d0a9b4",71693:"a2baab9e",71848:"d58b9252",71877:"1a52eae7",71878:"3ad228ae",71916:"fda8821a",71964:"b58e0449",72113:"d719ccc2",72147:"c0ed6d96",72184:"4ef7ce65",72447:"05c17326",72612:"eca036a7",72629:"0d8d3350",72685:"4c601101",72828:"c3ab2f20",72829:"66bc78fc",72868:"a3937ff1",72938:"d705183c",72985:"fb6d9ef4",72992:"d9ebdac2",73167:"1b42d056",73407:"fc05bc09",73457:"cc63c88a",73746:"8ee976c2",73805:"cf896737",73838:"3b42de7a",73860:"78e0e367",74009:"18714417",74076:"cab9a096",74107:"830fd0bf",74296:"ab9a051c",74423:"cffa70f7",74517:"48f8f874",74556:"78dce1fd",74570:"625eab23",74595:"38dfefea",74703:"e0a79853",74708:"0bb7bcfa",74713:"330ac9fe",74891:"522cb5d3",74926:"1d40ab52",75092:"40c869fc",75143:"b17755e4",75191:"192ae610",75223:"c9f8f6c0",75257:"c50a9231",75360:"ed642a45",75601:"4e291c72",75612:"f49d7908",75623:"5d01a869",75884:"3e3d3813",75950:"32828b2c",76066:"38dc8bc1",76194:"342f8f1b",76311:"fc150fa2",76313:"b505846c",76420:"d8f8ea8f",76496:"fd333703",76638:"103f9e04",77078:"8cd80816",77184:"27772462",77248:"226b0cb1",77333:"0142e598",77340:"890438e0",77445:"f2a4f782",77467:"1608ab0c",77492:"bd753016",77503:"7566cda2",77552:"91d6c0c4",77667:"c087d33b",77752:"371c68ed",77763:"c20a5dd8",77802:"73c0098d",77814:"8f0d52a3",77885:"efe6b3fa",78010:"08cd2194",78202:"474899f0",78325:"d924c453",78361:"6a78568e",78442:"550fad1a",78606:"a1fbca1b",78658:"1855c9f4",78673:"c6aea3f1",78740:"ec887574",78861:"53094378",78923:"d1f0e4b8",79110:"56d060ef",79178:"5d8dde6e",79346:"5fd3099d",79355:"16304c1d",79526:"3da507b6",79679:"63831db4",79694:"fc1959c7",79777:"7f1215b4",79842:"5e2a7dec",79917:"f92f7190",79971:"ea2a8a2b",79978:"cde6b8a6",80009:"5f2498b2",80053:"935f2afb",80145:"14706c8b",80316:"42705cec",80357:"05827d53",80451:"14fe5d11",80484:"e2c6734d",80517:"8855d2b7",80881:"ca5cb613",80912:"e656dc47",80948:"6525da2f",81084:"aab4c406",81100:"0899fb24",81182:"6baa2cef",81229:"40616ef9",81357:"173f7963",81560:"5eb6fbed",81636:"558e1c6c",81643:"bab8d2c4",81758:"3a836242",81771:"20643d6a",81804:"bf0e441c",81821:"fd8b739b",81940:"d96ceb02",81960:"74376b51",82120:"3923cff6",82168:"0904ab64",82329:"9107ea31",82344:"3e21b64c",82347:"56d960a3",82478:"7c5fdb97",82651:"853e4057",82654:"2456a5e0",82683:"ec9ce0b9",82763:"6cc9d60c",82935:"ce73e545",82968:"cc020efe",82977:"b768cbd4",83037:"1aa3183d",83050:"236783c9",83060:"8a3cf0bc",83066:"57333199",83153:"915b42ac",83184:"912ede02",83217:"3b8c55ea",83276:"c8a30dcb",83323:"e7e3539d",83532:"a05ad5a3",83555:"b4edc141",83590:"610c6209",83669:"0ca5e369",83827:"a6b4f274",83856:"9ec43235",84143:"0984e7b7",84288:"89779929",84331:"b8ae24ba",84394:"d4054b0c",84541:"2d11d1c7",84606:"381d9cc2",84615:"511f43e7",84723:"efc92035",84841:"bb002237",85064:"eba3cb06",85330:"4121ff2e",85350:"346c6f31",85511:"096b53d1",85765:"d3ac05e9",85785:"d39f4c6a",85872:"a32b9391",85957:"3d23d174",85989:"8a69729c",86007:"61ac022e",86019:"5665fc6b",86341:"e4627f95",86392:"95b4e82b",86478:"9e8974f2",86621:"2f9a61f7",86754:"4ed45869",86847:"defea45c",86849:"57b59cd4",86892:"e5249a91",86905:"e59cf075",86925:"0c4492b5",86983:"843d5c9d",86997:"813b8b2b",87089:"532cc112",87097:"535a9867",87199:"e08ad4e2",87413:"826a4450",87659:"003bd65f",87908:"673cfd93",88462:"5c098672",88746:"6bfb1f3b",88799:"119399a8",89110:"3ab60fbf",89120:"a89101e8",89213:"5b1b9265",89243:"9ceb8545",89535:"8a2021db",89635:"306e9acb",90069:"b809a965",90342:"67a3f72d",90414:"fa02121a",90434:"611ed0af",90451:"251e224c",90647:"9a147845",90673:"a618be25",90744:"1095b338",90874:"d01ce3bc",91024:"bf01e4e0",91043:"5eb60198",91075:"7f7d57e5",91550:"4b535752",91577:"aab66baf",91617:"08b38161",91698:"d41cac77",91709:"7675a0fe",91835:"baf595e3",91993:"3c5e5778",92130:"88d474ce",92180:"9f5a94da",92341:"5c2c8950",92511:"15706790",92711:"e19ba590",92901:"462cb3ee",93009:"ec0bc416",93089:"a6aa9e1f",93116:"77d972d9",93117:"5f593e60",93185:"799df3c7",93323:"0756af21",93432:"23d9fe45",93502:"62c56f8b",93549:"bb1699c9",93614:"ea480a96",93656:"22bf71e8",93716:"3fa77eb9",93851:"4aebba5d",93891:"6a545a3d",94012:"15960ad5",94013:"38d8ce0a",94156:"36a4e4f0",94176:"a793e2e1",94235:"8d66cedd",94243:"f3d6bf7d",94325:"259d4bd8",94579:"c07ebe24",94881:"f24deb99",94899:"222f68c8",94977:"98a7b080",95018:"45ca2515",95051:"1c05226e",95142:"07fcb413",95510:"266461e3",95647:"9b6133b9",95654:"dc648997",95683:"32f482e1",95719:"93946e0a",96030:"00f5d06d",96075:"83e792f1",96298:"1c3c8be8",96688:"a22ed5e4",96813:"7c409bae",96902:"1608665e",96979:"737abd23",97006:"7fb7e253",97120:"0752e30e",97140:"0462cff2",97213:"d8ef6140",97267:"4b385260",97357:"28d6087e",97562:"afacbea5",97602:"c6bc47df",97635:"cd0c0b67",97722:"7350c59a",97912:"7f9606e9",97964:"7ab81c4a",98087:"3d4ef3a7",98258:"d7e0d0e7",98437:"60e1e52f",98498:"32e847b8",98659:"97bdec26",98752:"af1a53b7",98807:"9b9ccd3e",98991:"4593cc08",99135:"b5c078ab",99397:"659dff9c",99554:"2b4e7f11",99734:"7bff08c9",99812:"285fd50d",99903:"a4707478"}[e]||e)+"."+{21:"e8db92b2",109:"7d540acc",312:"c9e5ab73",747:"e6a4227a",815:"1d64a8bf",925:"c966c0f9",940:"1126dea7",983:"85515927",1087:"e4c3b1d7",1238:"d4fdedab",1310:"42bea346",1358:"da7161b2",1416:"eec2f609",1438:"cec5b12b",1488:"b1a242a0",1514:"d2744380",1741:"1b31805d",1953:"26d8e736",1954:"0b34bc9c",2077:"f1161b84",2232:"18dabc55",2271:"b742dea0",2322:"c3c72cf3",2466:"db5c00e1",2467:"41f0f036",2572:"7c24eea8",2879:"84a24a15",3007:"f0d108e2",3419:"866f6080",3465:"24e6f06f",3694:"688dccba",3729:"0a234850",4247:"6644139e",4250:"f91c37da",4336:"248742d4",4358:"826cd50e",4714:"2334fecc",4847:"d5f1ecb1",4998:"3c20db2d",5166:"dd8f8287",5215:"e86418c9",5291:"c14ec276",5422:"35167db4",5426:"acfb36c0",5481:"1ea3b510",5488:"8050e32b",5510:"2fe53128",5569:"325ee7c2",5774:"a556ff23",6182:"eff8db40",6213:"ba4d8dc2",6380:"d594447f",6455:"ffe866bf",6740:"5a649f9b",6795:"a0fcbbe9",7069:"121d08b0",7087:"92985a33",7096:"4f237850",7319:"b5d24f3a",7328:"b4761775",7383:"e0e08f28",7392:"148dea26",7402:"0146f1da",7457:"dba73d1c",7659:"73808397",7695:"80864974",7703:"a4eaee91",7741:"994cc253",7786:"6aa29002",7789:"b67a8647",7800:"8f3731c3",7811:"d702064e",7865:"0848bc01",7899:"d3837eae",8007:"3f2fd7d3",8214:"9103b553",8243:"ed357ccd",8298:"99fd79dd",8338:"8495a819",8523:"1697801f",8654:"bad19c1e",8914:"5fd26b0d",8934:"1425bd71",9093:"cba4f98f",9104:"c7a92398",9140:"0da3acf5",9546:"cdf4a43c",9621:"bb7992e7",9769:"57fc81c4",9784:"3d6d8437",9887:"70eedba3",10149:"8b4e7ea5",10330:"efe61bad",10409:"b8318f58",10507:"cb36671b",10554:"567430f4",10582:"fa2c1846",10601:"ed0c9424",10623:"d0d1a670",10648:"f6ad12d0",10654:"72eafb3e",10704:"b6a62e2a",10962:"3fd9932c",11177:"fa569261",11180:"644a771f",11274:"866c10a6",11310:"3b929021",11426:"d02db023",11618:"05cb970e",11697:"09dcdde4",11930:"2157445e",11938:"7507327f",12021:"121733da",12026:"93a65c78",12066:"6303023c",12105:"9906145f",12205:"6f5304d4",12368:"5f063a00",12585:"c85b77d1",12602:"c549397c",12603:"cff39de2",12658:"c63e77a3",12681:"e5e6032c",12865:"1da13d88",12882:"ab2c2dcd",13056:"7be5a84a",13072:"a0b75323",13123:"bd9ec282",13245:"c34ebabf",13261:"431d44cd",13344:"5dc10998",13460:"08306def",13575:"19f6722c",13581:"a7b4bda8",13634:"3c63008a",13825:"86122428",14007:"67f7f532",14050:"1a1f86f2",14085:"bf568252",14640:"a8849ea5",14873:"61a550fe",14986:"a2386c12",15062:"e0762999",15185:"0941179a",15316:"e76bf261",15350:"24caf80b",15574:"1d99f440",15651:"7b608f22",15709:"bc21c8f0",15729:"829a1e71",15736:"6dcbdc4a",15771:"9b3b57b5",15921:"42e255b1",15979:"7fd3fde0",16186:"67643b30",16380:"44b90bdc",16684:"d14b62a1",16992:"8f734c6b",17104:"f14eaf01",17541:"5e439495",17634:"9b341a41",17994:"82e68fbc",18083:"933aa6ac",18091:"c54c83a6",18233:"6dfd0167",18348:"39363612",18503:"b00e694b",18543:"d8b0b0dd",18654:"6b1e8606",18676:"abbb25d1",18746:"d2e309fb",18952:"3913f82b",18975:"bd590918",19096:"c95a097f",19186:"1af94c71",19336:"5eef1e32",19478:"c8408cbc",19480:"11d699d7",19509:"01099fba",19599:"7b871313",19612:"25aab38a",19720:"142c4c67",19840:"2411fdd1",20111:"1f1e2d37",20119:"072a58fe",20486:"bea2439e",20686:"e22801f7",20739:"fe7dec50",20769:"bbba1ca9",20898:"23dc5185",21020:"147a23f1",21022:"77f45368",21054:"0eef08f8",21131:"93dad10f",21290:"d10a819f",21307:"e41a7b2f",21411:"ed16a47f",21499:"f0f075ef",21511:"2636c847",21574:"7d2a11a1",21594:"872306e9",21715:"e7e98879",21926:"5b96440d",21994:"4a0c3620",22035:"1a8dad82",22036:"b3bc1f9e",22092:"a85181a6",22094:"ce2e081c",22159:"5afdde65",22348:"37b20d70",22394:"0b0538e3",22498:"df18af70",22502:"a6ec6349",22570:"61817c64",22609:"85752a17",22681:"7b50c7b2",22697:"0ed50301",22713:"185f59e2",22965:"d99ab323",22970:"356ed2c6",23169:"3f173035",23199:"8c313f3d",23475:"defd9cec",23486:"3a91383b",23521:"ca055cc0",23676:"4011641e",23719:"27319b53",23910:"ca0cbb79",23915:"f4618526",24004:"6204bf4f",24174:"499345b3",24180:"f30977ed",24212:"18ab5286",24269:"fdde4f4f",24276:"dd67cfc3",24340:"fb06e7aa",24349:"8f7aaa90",24354:"166190e8",24464:"458cd2da",24720:"fd73174a",24920:"bfe05e45",24930:"f3c747d9",25088:"50ea1b98",25297:"9cbf9d15",25480:"842afd03",25561:"fc1414fe",25618:"4a5a91ee",25915:"9b94861c",25929:"072ecff1",26123:"b63d11ed",26283:"dfcb0074",26389:"7a68fa9e",26546:"0e67243e",26571:"fafbf339",26583:"c5a17b17",26599:"c53c88e8",26780:"b845a821",26824:"bbd490c9",27071:"a8d53910",27103:"755b804b",27166:"ea3377ac",27278:"c8d57b6c",27339:"cbdd9481",27495:"9361cff8",27510:"8086e898",27785:"b9612608",27918:"126ce769",28006:"7cce8369",28027:"73e674cb",28045:"d7e38384",28065:"fbcd992a",28109:"40941685",28250:"600feaf9",28294:"dfdedc68",28424:"cc520127",28427:"045f5eea",28490:"40bd1e8f",28528:"2b83f438",28600:"d2495a4b",28614:"5649a6b1",28621:"cbe04304",28706:"b6d61405",28755:"5eeeecbb",29106:"6d17385a",29245:"c3542688",29307:"9bbf021e",29514:"61328999",29597:"3359f8ad",29753:"5c4d5106",29946:"13f23b59",29969:"b52b0db4",29996:"903e5627",30144:"55c492f9",30433:"d4f93af2",30763:"44937f11",30836:"ff7ff475",30853:"6a5ce8d9",30868:"8ae0030a",31289:"a6ebc928",31301:"a1110d9b",31386:"23f8714b",31422:"12fe9d7e",31472:"2f2ac03c",31617:"a4a0c98f",31626:"99bf3948",31671:"ef900a18",31803:"0a436099",31809:"34d4d988",31921:"a805c1a5",31967:"0d7e1870",32077:"91bba93b",32263:"35bbb30b",32440:"f33ba6bb",32535:"0ddc097a",32663:"897a4c55",32699:"09b33ce7",32764:"c4b29104",32809:"f3504241",32810:"69f5ce2c",32942:"40ea2d58",33019:"9c911be2",33040:"1e51b3e0",33150:"b112fd70",33191:"159b5961",33313:"d7e7fa10",33514:"9d96b724",33698:"1fd502e7",34049:"8344e060",34085:"708be506",34093:"a9d58a94",34176:"a75ee44f",34203:"ba77eb0d",34224:"41713a46",34316:"c69f6f4f",34377:"6400037b",34682:"88f6fb04",34740:"e852bb24",34771:"092e30a9",34967:"c3d30397",34970:"440cf678",34998:"b9a93791",35119:"e77af8d1",35174:"c07ad2a5",35206:"0be3b13c",35223:"d6f49da7",35406:"d4c67d9a",35542:"1e6a47f5",35638:"3be62e68",35674:"79ba46b0",35821:"028ebcaf",35839:"a8385908",35913:"bfc208da",35995:"94a897ee",36358:"3f6ac45d",36516:"1a7d1437",36549:"8c494ee7",36555:"9c2835dc",36668:"70204305",36694:"86ba26ad",36714:"3161abae",36777:"ee5aa43f",36868:"655166d8",36883:"17a72363",37300:"a8bdf45c",37503:"4ab0398e",37590:"82e14522",37704:"931bc5df",37739:"4606673d",37861:"aa9de769",37998:"02432bc2",38002:"dbe922e2",38098:"7c8e3a84",38130:"8e1c3820",38153:"ee23a8fa",38279:"36d618e1",38342:"bd2d47c3",38382:"e0bd7007",38429:"a0e472fa",38515:"5ff3a268",38590:"291ed7e2",38773:"8308f2a8",38774:"0ab7fd59",39063:"96adf0c9",39184:"ee90b394",39609:"d6af7eac",39652:"f41c482a",39781:"07872635",39840:"03cb115f",39880:"050ba86a",39945:"4912895e",39977:"ed45c656",40104:"ce9b4e6c",40300:"d17c7218",40363:"3a20fc02",40408:"b4330ade",40412:"a0001f40",40421:"9ce0d52c",40578:"ef843736",40613:"87c21496",40791:"924036e2",41021:"dcd3aece",41026:"919bbca3",41048:"4caaeed1",41119:"1e79e836",41232:"b8a1d405",41298:"7a48772b",41337:"cef85f93",41490:"dce01ba6",41550:"24822864",41600:"ec1b29e7",41606:"1b64a0d8",41713:"4465f3f4",41748:"ee132496",41797:"d50c8b36",41808:"6e2339a3",41843:"f6cd0622",41862:"e5410b04",41863:"ff544712",41910:"a95c314c",42060:"6fdad5b1",42184:"3f99d349",42213:"9fc77d0b",42293:"2ee93475",42384:"22182b2e",42408:"d3191987",42774:"507b20e6",42798:"00330344",42807:"e0fda9ba",42815:"ec4d7925",42900:"ac0a8f97",42908:"9840aed2",42936:"61fd2d56",42957:"de6418fa",42977:"a244750a",43075:"0637ca51",43240:"8d8cca45",43386:"066bffc2",43527:"b562101b",43567:"df931557",43570:"e00db7d4",43662:"62e53f6d",43690:"3eae6bae",43855:"f537f6fe",43991:"961c8d6a",44164:"1891be0c",44351:"1a21c04f",44437:"e41c7ef0",44442:"c5e9897d",44689:"a1d2ad0c",44913:"7a558425",45007:"54cbb85a",45182:"aa913a60",45403:"c9ec5194",45570:"6562b9b2",45585:"2db4181d",45621:"245cfdf9",45971:"3d125251",46003:"91db0141",46021:"a4f91589",46048:"8f4458a6",46103:"69de5a44",46150:"1c076a88",46203:"12697d9b",46225:"0706d01e",46265:"9d48ae86",46348:"443c1885",46406:"92679fdd",46436:"06382694",46442:"88b6e892",46596:"1d611864",46651:"1128c181",46705:"bef2ea33",46734:"c3c3a0a4",46762:"d0619d3b",46779:"c3ecb161",46878:"6fb931e5",46947:"9b9265af",46971:"29fdb728",47057:"847ada5e",47362:"0d108878",47484:"7d3493ff",47497:"68d7fd23",47532:"0173afed",47611:"90bca5f6",47618:"701a0551",47647:"a4b59634",48085:"92faac02",48100:"a088e7ff",48111:"c2ca6030",48440:"985dad1b",48441:"69fbf22c",48472:"6708c2e5",48527:"eb02368f",48610:"feeb8dc7",48772:"a88f32f2",48797:"1268b6c4",49201:"a7594aca",49277:"05e11747",49492:"b61e30f4",50030:"d5ed870b",50065:"7b658417",50154:"e52e1348",50155:"844afe79",50295:"898f5e3c",50475:"69ec2ad7",50536:"26ac8144",50566:"c3e125bf",50598:"1a33af0c",50682:"fc2bbbc5",50734:"f5372aa8",50786:"94dd79ba",50840:"934bb5d2",51157:"3582b996",51195:"5722c257",51232:"cf85cfae",51426:"b414372a",51519:"2ddaedff",51596:"297c26d8",51661:"ab5db16c",51701:"60d421cd",51770:"e07f727f",51893:"167165d1",52131:"c96ee793",52182:"dcfc77cf",52277:"238a1278",52303:"8b4e815d",52535:"2b82a630",52607:"3838edfb",52642:"62b14f08",52656:"8d0066cd",52685:"e8e8c17e",52908:"f264133e",52916:"d54528ef",52961:"75d1b4df",53015:"15e0d65d",53121:"bd2dfb2a",53237:"12970e31",53303:"fa36655f",53608:"b8afcdda",53711:"7045f7d7",53834:"274f492d",53978:"c3209811",54142:"0f358e7a",54197:"ad1cf17c",54257:"4e99c2b6",54369:"0d6ff9ca",54400:"89afc29d",54468:"f501395a",54495:"2329659d",54549:"90cd6d0a",54763:"d6d149cb",54768:"adfdb9ee",54779:"fe12d053",54797:"5c71db40",54868:"43c54987",54915:"263b5383",54993:"91510f5f",55183:"4afb8487",55374:"6f87a2a9",55395:"e39cceeb",55444:"e6a808e8",55458:"8f4e1fd4",55713:"dadb66df",55764:"e7d31d42",55791:"71e04fef",55817:"f698fdd9",56104:"f224e78e",56294:"643fb6cb",56345:"a8cb5489",56427:"88a471df",56454:"e0ef7626",56461:"6ffcd5f1",56630:"aad6846f",56779:"313d3b3e",56805:"011f9a61",56942:"15b4c01e",56948:"eb13f101",57205:"453d3b8d",57256:"2c302fe3",57365:"cd77fd7f",57456:"ce8e5c73",57523:"7986f0ac",57574:"30c94bb8",57740:"d571f1cb",57793:"13cd8f4f",57842:"436e8901",57891:"2aea4f0e",58139:"fe5f7c83",58231:"f7061b32",58253:"e10d281c",58255:"f456123e",58273:"6246135e",58349:"383e7dba",58494:"a3c91f55",58581:"cb59114b",58695:"36847346",58805:"5f4863f0",58821:"690f0dde",58886:"d03a700d",58967:"e3bfff41",59134:"39b6ac65",59300:"a53b83fd",59337:"c77ee5a0",59353:"6d8af524",59425:"ae539608",59525:"34c330df",59559:"4371aa71",59682:"b0479a1c",59694:"5959c540",59706:"eb7ac842",59726:"c290ca42",59814:"77686cb4",59825:"272ecf6c",59827:"2de6d0d0",60266:"49a9bd5a",60380:"6ac57077",60467:"1f0b9e09",60608:"01c2ce46",60780:"9495c495",60821:"64d2eae3",60930:"e23e8ea8",60996:"f04f5618",61157:"fd3de3a0",61213:"f1350e77",61265:"8e7c25cf",61337:"df600d5d",61554:"89ea185c",61581:"53e61a76",61708:"52875fd3",61763:"b534b2ee",61766:"0d6ec0f7",61846:"0d13a4cc",61890:"df2dcfa9",61931:"7d68e82e",61981:"a89cf658",62024:"b7ec0bb3",62109:"bf1989ca",62275:"174bdae9",62324:"4b534ee2",62543:"4a1b15c5",62693:"3e929917",62811:"a887c608",62974:"b9a543b3",63022:"6867ceb0",63048:"1cf9703b",63147:"cad0bd08",63299:"4b7f01aa",63376:"2e96170c",63410:"f503b52c",63434:"9018e3f6",63684:"2b83b0f7",63693:"cce4278f",63797:"075f705b",63905:"f6c4fbb2",63998:"faf088c7",64013:"47408ea8",64070:"8b7c91df",64247:"a8e023f5",64322:"1e8780e5",64325:"57859a67",64395:"8fa92a84",64411:"01e53c38",64600:"36221f82",64658:"a56cb96d",64748:"69f28e7f",64822:"1d25b787",64838:"4734156a",64854:"8264ccc2",64964:"d0414439",64967:"75921c03",64978:"383d3118",65051:"a595ef45",65161:"10bc7db1",65193:"f4875fa3",65301:"7553b6f3",65362:"3c470e71",65480:"7674fc21",65533:"8206358e",65540:"847de929",65548:"a559c231",65637:"66664bdc",65731:"2fc8a251",65754:"40996275",65839:"ea26ad80",65870:"9cb5da05",65878:"425a052c",66095:"53f0d6a9",66232:"4c02220a",66291:"4659c015",66342:"85255697",66377:"c06cc2b5",66513:"644c3372",66662:"6d07a943",66789:"1b9327d9",67036:"d83a6876",67060:"0b2f9400",67232:"fe4630cf",67301:"eacef02f",67356:"e7411f4c",67371:"54d17ba2",67431:"2d9c8a57",67570:"a912d835",67579:"daa8afe0",67581:"638f9bbf",67624:"2dd693f3",67764:"6705fdf9",67826:"f852d88c",67873:"dc960011",68418:"27a16d44",68493:"0c40016b",68540:"f332477c",68584:"ef0cac6b",68925:"c97c9855",68959:"94092423",69040:"cccba49c",69047:"8f87de4b",69078:"3e46606f",69164:"41fa3c89",69228:"fa2e6a84",69300:"7e705c90",69319:"dda81018",69320:"eeb5834b",69538:"05971b00",69593:"895b8a38",69678:"ae4afaf2",69796:"1b466ab9",69853:"bb0e8997",70163:"c9e4c4e2",70198:"46116597",70527:"20ad887d",70545:"e8051c9c",70714:"f03b155b",70772:"1239902f",70879:"5f73f442",71473:"68cc4272",71518:"48a998b7",71693:"ff1332e9",71848:"cb0d1f9d",71877:"fed30307",71878:"e37bdf0f",71916:"768a731d",71964:"54af46a7",72113:"d59b28b3",72147:"633d1373",72184:"15fb41dc",72447:"01b80165",72612:"a87ceb95",72629:"eadd44b9",72685:"5105ff07",72828:"aa1f07da",72829:"26a76f49",72868:"13f6e676",72938:"40d590c1",72985:"95fcf945",72992:"771fe17c",73167:"61796922",73407:"64f33247",73457:"33140d4c",73746:"0b9e2383",73805:"9cbb80df",73838:"61e6ec64",73860:"fd9df75f",74009:"1c9d42c4",74076:"718ac0fd",74107:"9f615b04",74296:"bf644a62",74423:"201cc6d6",74517:"3cea8a30",74556:"d1490399",74570:"0166a245",74595:"721f71e3",74703:"ee145dc3",74708:"6ad9f335",74713:"3ccf94fa",74891:"9596fdb6",74926:"e770c6c2",75092:"2aa2090a",75143:"05036a0e",75191:"98f22159",75223:"ff45c0cc",75257:"1d833078",75360:"a4adee3d",75601:"f115a355",75612:"e7a49797",75623:"52bef0f9",75884:"c5698ce9",75950:"53532520",76066:"a1dd8328",76194:"f6db6508",76311:"326ffe1a",76313:"6198d5c0",76420:"f556a572",76496:"264bce35",76638:"60bf0e5c",77078:"b2cf6936",77184:"9dcd8703",77248:"a18dbc2f",77333:"c92eb6a9",77340:"01a8d81e",77445:"f7d76f75",77467:"eb56212f",77492:"71bc818a",77503:"73f98799",77552:"e36b4b41",77667:"e5edad73",77752:"17e2ac1c",77763:"a01da5fe",77802:"cc00c9d3",77814:"cb9a6fca",77885:"00b46333",78010:"df577e49",78202:"871432e6",78325:"7e618213",78361:"00c04ba0",78442:"f1abe9df",78606:"040ca666",78658:"0b60f228",78673:"04b9d185",78740:"3b78e779",78861:"dcc00330",78923:"fc3660cc",79110:"87be014f",79178:"1dc96990",79346:"96ad859b",79355:"a1a459dc",79526:"ed45097e",79679:"9a75464e",79694:"7f503b64",79777:"2bfb73a9",79842:"f70e1c2b",79917:"255ee5de",79971:"1e550fba",79978:"51490c6f",80009:"348aab8f",80053:"210d0509",80145:"a334c14c",80316:"82ece6ba",80357:"e70b4219",80451:"33a05c65",80484:"a20124ce",80517:"062c5b4f",80881:"a8a9dda3",80912:"74508a41",80948:"c59e0944",81084:"da2db2e5",81100:"ceb6e5d1",81182:"f80d523a",81229:"bbaeb6ed",81357:"54a015ae",81560:"9da6af9b",81636:"b6d05944",81643:"23a6d571",81758:"ce84902f",81771:"1a87d58f",81804:"9119071a",81821:"2e47881e",81940:"b4eecf5c",81960:"fa113e2d",82120:"6ecca09e",82168:"3670f9b6",82329:"e40ca1cb",82344:"3ec8ed78",82347:"828a3a81",82478:"b08b65bf",82651:"6b8d3907",82654:"7e0e6ff8",82683:"abffd430",82763:"e92cb585",82935:"93f31ffb",82968:"1501c975",82977:"aed4cacd",83037:"4aa09de9",83050:"1b5bf1eb",83060:"e5047aa2",83066:"4dec174b",83153:"9e50b95f",83184:"9a863f7b",83217:"c37060d7",83276:"3ac466b0",83323:"27a5f228",83532:"bdc47a20",83555:"f1c0c913",83590:"8e23d175",83669:"7bf91233",83827:"613cf5b5",83856:"dfd9052e",84143:"09d7f959",84288:"1d1680e4",84331:"71f78c10",84394:"c71cce47",84541:"b132fd3e",84606:"e6003652",84615:"563807c2",84723:"e9916021",84841:"5ff33789",85064:"9f31e02f",85330:"34264fb1",85350:"fe0f3b36",85511:"3bbf9d84",85765:"496d3230",85785:"88bd8437",85872:"d2a55b71",85957:"49a91d2e",85989:"33e0dd36",86007:"012d4f9f",86019:"e3ace10a",86341:"4e2b3c9d",86392:"6a1765dd",86478:"f0f57a20",86621:"5a12df2e",86754:"8a694d15",86847:"25f285bd",86849:"2d379837",86892:"e7cacf53",86905:"ecf2aa71",86925:"6f0cc4ca",86983:"0753903d",86997:"6d1edacb",87089:"8666f6f8",87097:"5be719eb",87199:"bc7247d1",87413:"4131835d",87659:"82b4e10b",87908:"f4dcf58d",88462:"a2d32b15",88746:"17b3e11f",88799:"d34bc748",89110:"6b6cf3e7",89120:"185c69c4",89213:"11922ac2",89243:"45098b59",89535:"f75b7800",89635:"5dc48be1",90069:"5f0f9e2c",90342:"8b87339f",90414:"56a13b94",90434:"49871b0d",90451:"79460c6f",90647:"e0257ef3",90673:"cf3d9b9d",90744:"685204a2",90874:"ce5f99f4",91024:"12f5809c",91043:"5d1e6230",91075:"2299303e",91550:"fe4db9f8",91577:"9dcc181b",91617:"24b5e497",91698:"67a26da1",91709:"856a3485",91835:"9d0603fe",91993:"c333fef1",92130:"0c4fd33e",92180:"25aea8ca",92341:"3313736f",92511:"967974ae",92711:"d536cac1",92901:"1925c49b",93009:"c236e494",93089:"0ffc3ed6",93116:"542a5298",93117:"1d7f73ee",93185:"396fd9e0",93323:"2459ecf3",93432:"d2bd78e6",93502:"642ed554",93549:"7a469e11",93614:"1ce1cfe1",93656:"34db1d79",93716:"07c6cd5c",93851:"9db598cc",93891:"f7799cf6",94012:"13d96263",94013:"66f0ab8d",94156:"e124ffd7",94176:"7f2c3bad",94235:"34d14fed",94243:"ca3b1310",94325:"bbba5a4d",94579:"13807da9",94881:"929ccd1d",94899:"77e51b95",94977:"74b8b4d6",95018:"5508fe6c",95051:"9f6e54d8",95142:"4ede1de5",95510:"9c14357e",95647:"531bfe2d",95654:"d3d9992f",95683:"0b571df1",95719:"43361bdf",96030:"1340c103",96075:"34cb5df7",96298:"b120f89e",96688:"145b6e12",96813:"34c4513d",96902:"7373dfa7",96979:"9a2f37a8",97006:"be953606",97120:"9a356a8b",97140:"f4681f86",97213:"51255189",97267:"397d1b9e",97357:"1c6cf103",97562:"ff1ab01d",97602:"8a16a535",97635:"07db27f7",97722:"1f13712f",97912:"2a26ddd0",97964:"f380e84b",98087:"269796d7",98258:"76b7f383",98437:"f9b6f3a9",98498:"29e3cb4e",98659:"fb4b7a92",98752:"a877c9dd",98807:"e755289d",98991:"ebaf99c8",99135:"da3a8f4d",99397:"6ed347a2",99554:"0bd32e57",99734:"544ccc39",99812:"3d6c8f72",99903:"f72c6883"}[e]+".js",r.miniCssF=e=>{},r.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),r.o=(e,d)=>Object.prototype.hasOwnProperty.call(e,d),a={},b="podman:",r.l=(e,d,c,f)=>{if(a[e])a[e].push(d);else{var t,o;if(void 0!==c)for(var n=document.getElementsByTagName("script"),i=0;i{t.onerror=t.onload=null,clearTimeout(s);var b=a[e];if(delete a[e],t.parentNode&&t.parentNode.removeChild(t),b&&b.forEach((e=>e(c))),d)return d(c)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:t}),12e4);t.onerror=l.bind(null,t.onerror),t.onload=l.bind(null,t.onload),o&&document.head.appendChild(t)}},r.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.p="/",r.gca=function(e){return e={15706790:"92511",17896441:"27918",18714417:"74009",20979765:"46596",27772462:"77184",42428214:"57891",50610133:"22092",52763308:"47532",53094378:"78861",56554851:"30763",57333199:"83066",65769068:"63797",76752974:"44164",84261676:"9784",89779929:"84288",90609308:"15921",91524627:"39945",91958274:"55374","300f4cd6":"21","795f3bdb":"109","15d0580c":"312","260a4a36":"747",c7567e98:"815","36e2d848":"925","18f6552f":"940",d3ca5c2e:"983","94dc7cfd":"1087",b5cde707:"1238",fc1fe8cd:"1310","5a7d75ff":"1358","6cda4436":"1416",b28576cd:"1438","78e22a47":"1488","6e48d5f2":"1514","5a638c7a":"1741","3e8d5da4":"1953","1e439a5b":"2077","6f8faf89":"2232","9cc26b9a":"2271",dcd93014:"2322",a500dec7:"2466","6d895060":"2467","1f1afc48":"2572","41bc5d3f":"2879",e7e456ae:"3007",b420e108:"3419","1431f569":"3465","88dfd727":"3694","2e0a315c":"3729","1b19517e":"4247","16b64f07":"4250","70365baa":"4336","0b13c270":"4358","08650cf2":"4714",e257e53c:"4847",e8f48e86:"4998","7bbfc3b6":"5166","3b4c1a08":"5215","00feb899":"5291","30983fb2":"5422",f41d5350:"5426","77a3d39e":"5481",b1a5927e:"5488",bf00a8d0:"5510",dfbccedb:"5569","9ec8eba6":"5774",dfcf29be:"6182","55e4d810":"6213","1ac601ec":"6380","2b956348":"6455","9f833be8":"6740",e30f1b57:"6795","98fbcf17":"7069","3da98dca":"7087","173771a7":"7096","2f0cfb14":"7319",b0998319:"7328",ad8204b4:"7383",a6195e9a:"7392",fbb59325:"7402",ed94db85:"7457",ccd53d21:"7659","993aa953":"7695","9482ce64":"7703",a4d3bfdf:"7741","8917ad4d":"7786",c41a9bbf:"7789","5757960c":"7800",d0a74388:"7811","2c65c31e":"7865",d45a981c:"7899","63c93610":"8007","6598a7ba":"8214",bcfd1a7d:"8243","687e20bc":"8298",ad85b1ef:"8338","8a33da19":"8523","03cfa6f7":"8654",f7385094:"8914","8dcf93dc":"8934",ad9bab9a:"9093",bd403acb:"9104","3706fe77":"9140","655adf18":"9546","8dd461fc":"9621","7e337a56":"9769","0619e1d5":"9887","370de2d9":"10149","12a06ad6":"10330",d19115d7:"10409","3e12f454":"10507",a4c05209:"10554",e6dd6da5:"10582",a3470c53:"10601","62314bb1":"10623",b6d3d2df:"10648","8d265025":"10654","23352ec4":"10704",e2da1f85:"10962",f6a9426b:"11177","7aa5df64":"11180","4f3516e2":"11274","1b267c09":"11310","9790f6d3":"11426",a6016a7e:"11618","5b09d46c":"11697","4f5d49a9":"11930",a1963bff:"11938","33212b4b":"12021",f031a327:"12026",a0e6b5c2:"12066","1d52074d":"12105",ce50ea2a:"12205","3f6be463":"12368",edbec64d:"12585","5457b00e":"12602",d5af26f4:"12603","3a435e54":"12658",c81b193a:"12681","7371e1a3":"12865","1c0e9aa0":"12882",f8b3aa78:"13056",a94ee45d:"13072",bc4d58a4:"13123","36d71838":"13245","3e264488":"13261",cb7043f0:"13344","7bde4295":"13460",edea3d23:"13575","00d5b134":"13581","90925eb7":"13634",c945ac6e:"13825","861f751b":"14007","71f012fd":"14050",c103f181:"14085","30269bac":"14640",fc06a125:"14873","080a77b8":"14986","879b8a59":"15062",f4774aa2:"15185","826eb956":"15316",ecc58e23:"15350","90e47a5b":"15574","915a4fec":"15651","995dbe35":"15709",a4cf8478:"15729",dd6e498d:"15736",dde9c6cc:"15771",e1bea0d2:"15979","23b969f8":"16186","126508e2":"16380",d8256cbb:"16684","8a8987ef":"16992","6ed3fb3b":"17104","1076f64b":"17541","672b3b49":"17634",ed200b07:"17994","64b2938c":"18083",e699d4d1:"18091",dc366153:"18233",af61538a:"18348",ab131112:"18503","84e59631":"18543",d20320e1:"18654","26684b7d":"18676","92b86d63":"18746","40f1cf9e":"18952","457b963a":"18975","7720bb24":"19096","40907c41":"19186",f56cf62c:"19336","6728c7a9":"19478",c4428c45:"19480","8e9960dc":"19509",e10d246f:"19599","37963c82":"19612",dfb5f0c7:"19720",d67039b7:"19840",fdfb486c:"20111",e2bf4803:"20119","868b8e17":"20686","6eed3feb":"20739","1cc400ce":"20769",acc03d12:"20898","34156d76":"21020","949f9e5c":"21022","8a5c65cb":"21054",c64c8a00:"21131",ecf397c5:"21290","7863a04f":"21307",a9af3507:"21411","6b670249":"21499","92e7b68f":"21511","2fd2ba7e":"21574",dec2802b:"21594",fec5c7d4:"21715",c6ca8e82:"21926","2ae252f9":"21994",bdf7d44f:"22035","07b2872f":"22036",f167b037:"22094",f42d2ef1:"22159",dcb471a6:"22348","58f46323":"22394","9a3d5681":"22498",a4f23293:"22502","1222082a":"22570","5e15c15b":"22609","3c116a82":"22681","42895aa9":"22697",eb29bc22:"22713","09772b34":"22965","15f6fe0f":"22970","146d05d7":"23169",b4ed5649:"23199",c283ece6:"23475",c9448d9e:"23486",f0de574e:"23521",eb3dc601:"23676",bff9d2be:"23719","175c78b3":"23910","3fa39283":"23915",d0fc3039:"24004","2132f2c8":"24174","0702198c":"24180",b6120ea9:"24212","833dfbe2":"24269","365269c3":"24276",cbf62e80:"24340","9cdc8175":"24349","20d73eb2":"24354",b02de59a:"24464",f98e13e4:"24720","7040ea16":"24920","77ff8c5f":"24930","27b2bedd":"25088","59476d7b":"25297","2ffafe2d":"25480",b00a96e0:"25561",fbf5a5bc:"25618",d33dc195:"25915","1b28acf9":"25929","2865d6a1":"26123","636ce216":"26283","526841b1":"26389","05d073aa":"26546","18ba6a46":"26571","22f788e4":"26583",d7924564:"26599",fe92c3c8:"26780","4ea5776c":"26824","9b14b78f":"27071",e43c6f85:"27103",c50c64c1:"27166",e93086c6:"27278",fa5a4d6d:"27339","8a77ded3":"27495","7ac58bfb":"27510",c709e528:"27785","2a769183":"28006",cbee0725:"28027",e5c15292:"28045","51a6b448":"28065",b8763a3d:"28109","3fdf6886":"28250",a73e6386:"28294","0a3ca7a0":"28424","41e2cb2a":"28427",fbc46c8d:"28528","3962ec11":"28600",a972ad3e:"28614","282850f5":"28621",bd9ea72b:"28706",b77b8c66:"28755","7a52780b":"29106","1c258b38":"29245","8bddd949":"29307","1be78505":"29514","6591a8d4":"29597","91d2db81":"29753","216a98d5":"29946","628c5638":"29969","07a41131":"29996",f2b72252:"30144","3151d179":"30433","0fc51021":"30836",dfea22ae:"30853","8c335d31":"30868",b52fa139:"31289",fb52e9b8:"31301",e6dd87aa:"31386","97f5f3c2":"31422","35eb483f":"31472","59c3a605":"31617","35265ade":"31626",cbd72529:"31671","1517121d":"31803",bc8b2a0c:"31809","08efe41f":"31921","03d0b641":"31967","7a4d057f":"32077","92103f47":"32263","5bc595e9":"32440",da36def6:"32535","69fd7c0e":"32663","8fd272bb":"32699",bd4362ca:"32764","759f5d40":"32809","4741f96c":"32810","70de5b5f":"32942",a4e49971:"33019",ce6ee837:"33040",e8d4cdb9:"33150",f6784245:"33191","93996e09":"33313","99dc4662":"33514","341b1c91":"33698","1e415b6f":"34049",cc549ae9:"34085","836ce71c":"34093",ce59b13f:"34176","3ad596a9":"34203",c4ffb2d2:"34224",f8990407:"34316",e3c905de:"34377","6d0e887d":"34682","078ca05e":"34740","9d708593":"34771",e9b5709f:"34967","913247ec":"34970","7c404f02":"34998","714a0345":"35119","7ac0181b":"35174","161a8a09":"35206",b3cc103d:"35223",d602a484:"35406","43947e47":"35542",f42f3bd8:"35638","3f324a56":"35674","284a080c":"35821",cfc90e78:"35839",e00fa61b:"35913",b49d70f9:"35995","0b3545e4":"36358","83ce496e":"36516","1d5b23e2":"36549","80a8b741":"36555",c968257b:"36668","4a506fa9":"36694","16b4412b":"36714",aa9d4f22:"36777",cca70ef7:"36868","077ee5ba":"36883","1f1b61b4":"37300","8887a228":"37503",c94d8736:"37590","5f6ea5d7":"37704","70ea087d":"37739","9bc8facc":"37861","4e5322cc":"37998","640423d2":"38002","99b17796":"38098",cd61fe91:"38130","9919686c":"38153","29a08e9a":"38279","1fd61002":"38342",e02565da:"38382",fb6c00a7:"38429","265621d8":"38515","29b0c18d":"38590","217d978d":"38773",d2eed707:"38774",f083362e:"39063",cefce2a2:"39184",c1660528:"39609",b0851ee2:"39652","7379db51":"39781","5447c5cf":"39840","1677abc3":"39880","30ad8f72":"39977","465a7087":"40104","1dcbf034":"40300",d3b3891b:"40363",d24baff8:"40408","2bd82a96":"40412","53d6371d":"40421","234e638a":"40578","59f2fdda":"40613","7259f1b1":"40791","90e6bfa4":"41021","4c5e3d0c":"41026","0a00aed9":"41048","1738210e":"41119",ea710672:"41232","969fec62":"41298","19e0fcb3":"41337",d449dcf1:"41490",fb6543cb:"41550",cb9e7599:"41600","5f3ec91d":"41606","6f23519e":"41713",b2974c0c:"41748",e9e146f9:"41797",f918b75b:"41808",d3ee8f76:"41843","7d20fe42":"41862","7820f9d0":"41863",cb0f9cfc:"41910","4c8bab11":"42060",e57902fd:"42184","42d74bd0":"42213","352fe4c2":"42293",f2b29f39:"42384","369767ab":"42408","56af85b5":"42774","4fbbeb6d":"42798","56e0102d":"42807","04c84ab7":"42815","461bbd2f":"42900","952453f2":"42908","8616380d":"42936","9ab9d50f":"42957","6b5f3f1c":"42977",cee81a32:"43075","6f717a16":"43240","619f4ce6":"43386",d9ff0d7c:"43527","7c224e35":"43567",f9f60325:"43570",e0085fac:"43662",f5855e91:"43690","0565c07f":"43855",c7c76429:"43991","4b04188a":"44351","03174832":"44437",ec8dee43:"44442","93f2b152":"44689","00f8cb14":"44913","649093c4":"45007","0befdadd":"45182","4fd18230":"45403","5f002f12":"45570","659951bd":"45585","456cfd32":"45621","5dbe590f":"45971",ca13f458:"46003",cf1ecaf1:"46021",ccc49370:"46103",d409a93e:"46150","8f876d16":"46203",bf3f6241:"46225","05e002f0":"46265","8e3c5f08":"46348",a70d2e82:"46406","32b646fc":"46436","88746a45":"46442","8ec6e829":"46651",f3740653:"46705","4a76d056":"46734",ac1eaa32:"46762","708daa68":"46779","7430a490":"46878",feb1236d:"46947",c377a04b:"46971","140f3dee":"47057",c617b3ad:"47362","244e56d5":"47484","51b3f280":"47497","9c8e56d0":"47611","7d2009bc":"47618",ab97ccc9:"47647","5bdb327e":"48085","9983579e":"48100","008e479d":"48111","0f92a9a8":"48440","2ea98982":"48441","005af5ea":"48472",bebebfab:"48527","6875c492":"48610","72cc6d1e":"48772",bfb74d34:"48797","2dd6b9ac":"49201","8a72ccb4":"49277","1c21ba58":"49492","29e3a43b":"50030",d3bd14d4:"50065","93ecf9d2":"50154",cf2b80f9:"50155","692db14d":"50295","199adf45":"50475","3ecf99f6":"50536","36fd6b31":"50566","5b418dd2":"50598","7455c1f8":"50682",a4ae065a:"50734","3b3d7813":"50786",b2fe1a56:"51157","92054cc8":"51232",cb97ded3:"51426",e957a797:"51519","3b10f148":"51596","5b1d965c":"51661","23091f88":"51701",f45be535:"51770",bf65740b:"51893","6dd1a436":"52131",ff85a2bf:"52182","46b1bedd":"52277","1398643a":"52303","814f3328":"52535","5cf52972":"52607","7a3cbbc1":"52642",d09cacbb:"52656","7fdede95":"52685",e830f50c:"52908","5183b70e":"52916","991a0614":"52961","0902dbf0":"53015","001e1716":"53121","1df93b7f":"53237","6e286be6":"53303","9e4087bc":"53608","1a5edc34":"53711",f24dcdab:"53834",cd4bceb7:"53978",c177c35c:"54142","6767fc64":"54197",f656ff8f:"54257",bc7ebba5:"54369",fae58180:"54400","4fe46fb7":"54468","52caa0fa":"54495",ae5766d7:"54549",f8085e57:"54763","04de07fa":"54768","79f1cb63":"54779","51e252e1":"54797",c0fac2c5:"54868","0602922c":"54915","0614adf5":"54993","52d10dde":"55183",e6bd1150:"55395","7f5a4972":"55444",e05e4f28:"55458",aeaca7a3:"55713",a55c14b2:"55764",e333f46c:"55791","63814cb7":"55817",f30c03b2:"56104",d7fd4a45:"56294",d7be0b9b:"56345","7313540a":"56427","747c87af":"56454","66766c59":"56461",deb891b7:"56630","1aba2a20":"56779","2c647459":"56805",c0a645c7:"56942","4a70cc0d":"56948",c4fd52e5:"57205",c9fea71a:"57256",ca20a8fe:"57365","7792adb1":"57456","770d309f":"57523","1cc46930":"57574",b0c2e5ed:"57740","59f6952c":"57793","4fdcd587":"57842",cfa87347:"58139",b6130486:"58231",b8678d1a:"58253","161712d6":"58255",bb28fa20:"58273","6f94884f":"58349","92228e60":"58494",a5b4528c:"58581","89f437f7":"58695","6ff39321":"58805","46886cb0":"58821",a3ee450e:"58886",bbf3cda5:"58967",dac8816f:"59134","453c4055":"59300","2a592757":"59337","18f289aa":"59353","316e84de":"59425",ea5ecbc5:"59525",f5d6dd48:"59559",f67e3aa3:"59682",fb22e237:"59694","2cd08dad":"59706",b878c13e:"59726","01d5614e":"59814","8a703bd1":"59825","047e6a26":"59827","4bf67133":"60266",eb9d40ec:"60380","03118738":"60467",a9e69a82:"60608",d5bfda9e:"60780",daab0409:"60821","3b1282ea":"60930","4bdadcb4":"60996",dff31f53:"61157","190acd9c":"61213","053d7e42":"61265",db189e95:"61337",f4d442d5:"61554","53470b9e":"61581","08d52cd0":"61708","076802e0":"61763","16029c63":"61766","1170c774":"61846","481cb13b":"61890","4e8ec2d5":"61931","24e002ac":"61981","5f058c77":"62024","3488fd6c":"62109","5837c87c":"62275","06d6451e":"62324","9c92bc77":"62543","9d79cf0f":"62693",b4cdaeff:"62811",fafc9877:"62974","4db9da1d":"63022","49fd035e":"63048",b90f1cd1:"63147",f70b5741:"63299","8765036c":"63376","70c58991":"63410",f83dc955:"63434",bf342a85:"63684",ce7dab8e:"63693","6acab07e":"63905",fc3f47a8:"63998","01a85c17":"64013","3cc8df7b":"64070","752e02a7":"64247","22d1e350":"64322","0da6392e":"64325","65a1b790":"64395","74b3ebbb":"64411","9f2791cf":"64600",bf7df328:"64658","95446c39":"64748",ac3a39d8:"64822",ad8e7dcc:"64838","72457b75":"64854",bc300906:"64964","4ab0658f":"64967","08d58ed6":"64978",c10b9920:"65051","5a44e4dd":"65161",eb5c7b0a:"65193","8731dd32":"65301",bb0c4597:"65362",eb5263e4:"65480","4e6ed8f3":"65533","783edba4":"65540",d6487ff7:"65548","79c12c19":"65637",cfbe9d8e:"65731","47bafca7":"65754","75fb7ff2":"65839","02ec521e":"65870",ef25bb1f:"65878",d7245e62:"66095","9a544e45":"66232","18c538ec":"66291",a59e0362:"66342",a530b0d2:"66377","00b87587":"66513",b5430557:"66662",b46e9e7c:"66789","1055a711":"67036","3ed7e301":"67060","019131da":"67232","20a75fd7":"67301","1ddde341":"67356","3d57ba44":"67371",a90d1c60:"67431",d9f8802d:"67570",b3089a88:"67579","84090fe9":"67581","4b415865":"67624","4a41c9ed":"67764",adcbe9eb:"67826",df12da97:"67873","7d1e7a7c":"68418",fce9c71b:"68493",d553c684:"68540",d9a4e4a9:"68925","9abfca86":"68959","2c2bdd6a":"69040","78aa31c9":"69047","2b1e53d2":"69078","4d635c76":"69164",f14b45bb:"69228","2628b79f":"69300","170c3def":"69319","0965286a":"69320","36b5d89b":"69538",e527a4fd:"69593",e8df2429:"69678","65d527ac":"69796",d9dc158b:"69853",f17a645b:"70163","8d2190cc":"70198","8ccefe70":"70527","276a35f2":"70545","1dc9c973":"70714",b8ce7dc9:"70772",eb51026c:"70879",c93a2b7b:"71473",e4d0a9b4:"71518",a2baab9e:"71693",d58b9252:"71848","1a52eae7":"71877","3ad228ae":"71878",fda8821a:"71916",b58e0449:"71964",d719ccc2:"72113",c0ed6d96:"72147","4ef7ce65":"72184","05c17326":"72447",eca036a7:"72612","0d8d3350":"72629","4c601101":"72685",c3ab2f20:"72828","66bc78fc":"72829",a3937ff1:"72868",d705183c:"72938",fb6d9ef4:"72985",d9ebdac2:"72992","1b42d056":"73167",fc05bc09:"73407",cc63c88a:"73457","8ee976c2":"73746",cf896737:"73805","3b42de7a":"73838","78e0e367":"73860",cab9a096:"74076","830fd0bf":"74107",ab9a051c:"74296",cffa70f7:"74423","48f8f874":"74517","78dce1fd":"74556","625eab23":"74570","38dfefea":"74595",e0a79853:"74703","0bb7bcfa":"74708","330ac9fe":"74713","522cb5d3":"74891","1d40ab52":"74926","40c869fc":"75092",b17755e4:"75143","192ae610":"75191",c9f8f6c0:"75223",c50a9231:"75257",ed642a45:"75360","4e291c72":"75601",f49d7908:"75612","5d01a869":"75623","3e3d3813":"75884","32828b2c":"75950","38dc8bc1":"76066","342f8f1b":"76194",fc150fa2:"76311",b505846c:"76313",d8f8ea8f:"76420",fd333703:"76496","103f9e04":"76638","8cd80816":"77078","226b0cb1":"77248","0142e598":"77333","890438e0":"77340",f2a4f782:"77445","1608ab0c":"77467",bd753016:"77492","7566cda2":"77503","91d6c0c4":"77552",c087d33b:"77667","371c68ed":"77752",c20a5dd8:"77763","73c0098d":"77802","8f0d52a3":"77814",efe6b3fa:"77885","08cd2194":"78010","474899f0":"78202",d924c453:"78325","6a78568e":"78361","550fad1a":"78442",a1fbca1b:"78606","1855c9f4":"78658",c6aea3f1:"78673",ec887574:"78740",d1f0e4b8:"78923","56d060ef":"79110","5d8dde6e":"79178","5fd3099d":"79346","16304c1d":"79355","3da507b6":"79526","63831db4":"79679",fc1959c7:"79694","7f1215b4":"79777","5e2a7dec":"79842",f92f7190:"79917",ea2a8a2b:"79971",cde6b8a6:"79978","5f2498b2":"80009","935f2afb":"80053","14706c8b":"80145","42705cec":"80316","05827d53":"80357","14fe5d11":"80451",e2c6734d:"80484","8855d2b7":"80517",ca5cb613:"80881",e656dc47:"80912","6525da2f":"80948",aab4c406:"81084","0899fb24":"81100","6baa2cef":"81182","40616ef9":"81229","173f7963":"81357","5eb6fbed":"81560","558e1c6c":"81636",bab8d2c4:"81643","3a836242":"81758","20643d6a":"81771",bf0e441c:"81804",fd8b739b:"81821",d96ceb02:"81940","74376b51":"81960","3923cff6":"82120","0904ab64":"82168","9107ea31":"82329","3e21b64c":"82344","56d960a3":"82347","7c5fdb97":"82478","853e4057":"82651","2456a5e0":"82654",ec9ce0b9:"82683","6cc9d60c":"82763",ce73e545:"82935",cc020efe:"82968",b768cbd4:"82977","1aa3183d":"83037","236783c9":"83050","8a3cf0bc":"83060","915b42ac":"83153","912ede02":"83184","3b8c55ea":"83217",c8a30dcb:"83276",e7e3539d:"83323",a05ad5a3:"83532",b4edc141:"83555","610c6209":"83590","0ca5e369":"83669",a6b4f274:"83827","9ec43235":"83856","0984e7b7":"84143",b8ae24ba:"84331",d4054b0c:"84394","2d11d1c7":"84541","381d9cc2":"84606","511f43e7":"84615",efc92035:"84723",bb002237:"84841",eba3cb06:"85064","4121ff2e":"85330","346c6f31":"85350","096b53d1":"85511",d3ac05e9:"85765",d39f4c6a:"85785",a32b9391:"85872","3d23d174":"85957","8a69729c":"85989","61ac022e":"86007","5665fc6b":"86019",e4627f95:"86341","95b4e82b":"86392","9e8974f2":"86478","2f9a61f7":"86621","4ed45869":"86754",defea45c:"86847","57b59cd4":"86849",e5249a91:"86892",e59cf075:"86905","0c4492b5":"86925","843d5c9d":"86983","813b8b2b":"86997","532cc112":"87089","535a9867":"87097",e08ad4e2:"87199","826a4450":"87413","003bd65f":"87659","673cfd93":"87908","5c098672":"88462","6bfb1f3b":"88746","119399a8":"88799","3ab60fbf":"89110",a89101e8:"89120","5b1b9265":"89213","9ceb8545":"89243","8a2021db":"89535","306e9acb":"89635",b809a965:"90069","67a3f72d":"90342",fa02121a:"90414","611ed0af":"90434","251e224c":"90451","9a147845":"90647",a618be25:"90673","1095b338":"90744",d01ce3bc:"90874",bf01e4e0:"91024","5eb60198":"91043","7f7d57e5":"91075","4b535752":"91550",aab66baf:"91577","08b38161":"91617",d41cac77:"91698","7675a0fe":"91709",baf595e3:"91835","3c5e5778":"91993","88d474ce":"92130","9f5a94da":"92180","5c2c8950":"92341",e19ba590:"92711","462cb3ee":"92901",ec0bc416:"93009",a6aa9e1f:"93089","77d972d9":"93116","5f593e60":"93117","799df3c7":"93185","0756af21":"93323","23d9fe45":"93432","62c56f8b":"93502",bb1699c9:"93549",ea480a96:"93614","22bf71e8":"93656","3fa77eb9":"93716","4aebba5d":"93851","6a545a3d":"93891","15960ad5":"94012","38d8ce0a":"94013","36a4e4f0":"94156",a793e2e1:"94176","8d66cedd":"94235",f3d6bf7d:"94243","259d4bd8":"94325",c07ebe24:"94579",f24deb99:"94881","222f68c8":"94899","98a7b080":"94977","45ca2515":"95018","1c05226e":"95051","07fcb413":"95142","266461e3":"95510","9b6133b9":"95647",dc648997:"95654","32f482e1":"95683","93946e0a":"95719","00f5d06d":"96030","83e792f1":"96075","1c3c8be8":"96298",a22ed5e4:"96688","7c409bae":"96813","1608665e":"96902","737abd23":"96979","7fb7e253":"97006","0752e30e":"97120","0462cff2":"97140",d8ef6140:"97213","4b385260":"97267","28d6087e":"97357",afacbea5:"97562",c6bc47df:"97602",cd0c0b67:"97635","7350c59a":"97722","7f9606e9":"97912","7ab81c4a":"97964","3d4ef3a7":"98087",d7e0d0e7:"98258","60e1e52f":"98437","32e847b8":"98498","97bdec26":"98659",af1a53b7:"98752","9b9ccd3e":"98807","4593cc08":"98991",b5c078ab:"99135","659dff9c":"99397","2b4e7f11":"99554","7bff08c9":"99734","285fd50d":"99812",a4707478:"99903"}[e]||e,r.p+r.u(e)},(()=>{var e={51303:0,40532:0};r.f.j=(d,c)=>{var a=r.o(e,d)?e[d]:void 0;if(0!==a)if(a)c.push(a[2]);else if(/^(40532|51303)$/.test(d))e[d]=0;else{var b=new Promise(((c,b)=>a=e[d]=[c,b]));c.push(a[2]=b);var f=r.p+r.u(d),t=new Error;r.l(f,(c=>{if(r.o(e,d)&&(0!==(a=e[d])&&(e[d]=void 0),a)){var b=c&&("load"===c.type?"missing":c.type),f=c&&c.target&&c.target.src;t.message="Loading chunk "+d+" failed.\n("+b+": "+f+")",t.name="ChunkLoadError",t.type=b,t.request=f,a[1](t)}}),"chunk-"+d,d)}},r.O.j=d=>0===e[d];var d=(d,c)=>{var a,b,f=c[0],t=c[1],o=c[2],n=0;if(f.some((d=>0!==e[d]))){for(a in t)r.o(t,a)&&(r.m[a]=t[a]);if(o)var i=o(r)}for(d&&d(c);n - + @@ -30,7 +30,7 @@ you can then run Podman from your favorite Windows terminal without first having to get into a Virtual Machine. As a bonus, there's a link to a walk through video tutorial included in the post.

- + \ No newline at end of file diff --git a/blogs/2018/08/15/python-support-for-podman.html b/blogs/2018/08/15/python-support-for-podman.html index 547570aa7..0d20e6cb8 100644 --- a/blogs/2018/08/15/python-support-for-podman.html +++ b/blogs/2018/08/15/python-support-for-podman.html @@ -12,14 +12,14 @@ - +

Python3 support for Podman

· 6 min read

podman logo

Python3 support for Podman

By Jhon Honce GitHub

You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

The python3-podman package containers a module that allows you to connect to a Podman socket activated systemd service on the same host or a remote host using a ssh tunnel. Using the python interface means you can run these commands from a MAC or Windows Box, as long as you have a Linux box with podman installed. We connect using varlink for the messaging protocol between client and service.

For the environment, you will need:

* Linux host
* podman package
* enable the io.podman.socket systemd unit file by executing

systemctl enable --now io.podman.socket

* Python3
* The python3-podman rpm, or podman package from PyPi.

Note: Currently, there is a matching rpm for each version of podman. In time, after the API stabilizes that may no longer be true.

Now lets start coding:

Using your favorite code editor you can copy and paste the following Python program into a file named latest_containers.py. Don’t forget Python uses whitespace to signify end-of-line and code blocks when you paste. The below python code will show all of the containers created since midnight UTC when it is run. The code comments provide a running commentary on how the module works in context.

#!/usr/bin/env python3

# Python standard date/time support
from datetime import datetime, time, timezone

# the module with all the goodness
import podman

midnight = datetime.combine(datetime.today(), time.min, tzinfo=timezone.utc)

# Our client is a context manager to make resource clean up easy. No arguments implies
#   connect to a local Podman service using the default interfaces.
with podman.Client() as client:

    # Retrieve all containers in containers storage.  Each container is presented
    #   as a Namespace and dict. You determine which is easiest for you to use
    #   for your solution.
    for c in client.containers.list():

     # A bit of sugar, convert any podman-formatted timestamp to
        #   a python datetime
        created_at = podman.datetime_parse(c.createdat)

        if created_at > midnight:

            # Now the results. We provide datetime_format() for consistent
         #   iso format in results if you wish to use it.
            print('ID: {}\n image: {}\n createdAt: {}'.format(
c.id[:12], c.image[:33], podman.datetime_format(created_at)))

Once you have this code copied into the file:

* chmod 755 latest_containers.py
* podman run fedora sleep 300 &
* ./latest_containers.py
ID: d7337530c6d1
 image: registry.fedoraproject.org/fedora
 createdAt: 2018–08–10T09:18:09.728858–07:00

You can watch the whole process here.

The container object above supports the Namespace and dict protocols. This is our most used data structure providing you the ability to use the returned object in your code as you wish.

Connecting to a remote host, requires only changing how you create the Client() in any script:

With podman.Client(uri='unix:/run/user/17945/podman/io.podman',
remote_uri='ssh://ruser@podman.example.com:22/run/podman/io.podman') as client:
* uri provides the local side of the ssh tunnel
* user is your username
* remote_uri provides the details needed to connect to the remote host, plus the socket file for podman. A complete ssh uri is supported to allow configuration of ports etc.
* ruser is the remote host username to be used for authentication
* podman.example.com is the FQDN of the host you are running the podman service on
* The port number of 22 is given above for completeness, that is the default and may be omitted.
* An identity file may be provided via identity_file, otherwise the podman library will defer to ssh for authenticating.

All other function and method calls are the same whether they are remote or local. Note: all filesystem paths are resolved on the host running the podman service not the podman client.

But wait there is more!

To iterate over all the images stored on the system, you only need to change containers to images like:

for i in client.images.list():

To find podman system information, you need to use: client.system.info(). Or, client.system.versions() if you need to know the release of the podman service components.

To determine if the podman service is available and working, client.system.ping() will return True if everything is working correctly.

One of the most complex operations is creating a new container from an image, the workflow:

* Pull image from registry
* Instantiate image object
* Set container options
* Create OCI container and object
with podman.Client() as client:
 ident = client.images.pull(name)
 img = client.images.get(ident)
opts = {
 'memory': '1G',
 'memory-reservation': '750M',
 'Memory-swap': '1.5G',
 }
ctnr = img.container(**opts)

Our calling pattern is “client.<model>.<method>(<options>)”, where the current models are:

* Images
* Containers
* System

The Podman man pages provide details on the methods and options to be used for each.

What’s been shown in this blog is how easy it is to use the Python module to do Podman commands from your Linux host. These bindings can be used on the same host that Podman is running on, or they could be used on a remote host. Although there is not a complete one to one correspondence between the Podman commands and the ones available via the Python bindings — yet, the end goal for this project is to get to that point. For instance the commands for interacting with pods are currently under development and when available, the Python module will be updated to allow access. In addition to that, there’s work underway to make this Python module available on MacOS and Windows via PyPi. When these ports go live, you will be able to interact with Podman service from any Linux, MacOS or Windows host.

I hope you have found the information in this blog to be useful and gives you further insight into Podman and this Python module. If you have any questions a great place to ask them is the IRC channel #podman on FREENODE.

Better yet if you’d like to help contribute to Podman or this Python module, please feel free to join us on GitHub!

https://github.com/containers/podman https://github.com/containers/podman/tree/main/contrib/python

- + \ No newline at end of file diff --git a/blogs/2018/09/10/welcome.html b/blogs/2018/09/10/welcome.html index a5e691da8..2040955fc 100644 --- a/blogs/2018/09/10/welcome.html +++ b/blogs/2018/09/10/welcome.html @@ -12,13 +12,13 @@ - +

What's NEW!

· One min read

If you've missed the news so far, CoreOS was acquired by Red Hat at the beginning of 2018. This also means some changes for Buildah and Podman.

Buildah and Podman were previously projects within Project Atomic which is going to be sunset in favor of an immutable host combination of Container Linux and Fedora Atomic Host: this combination is called Fedora CoreOS. We therefore welcome you to the new websites, buildah.io and podman.io where you will find news, announcements, and more around the respective projects.

To start it up, check out the new Blogs and Releases sections on the site.

- + \ No newline at end of file diff --git a/blogs/2018/09/13/systemd.html b/blogs/2018/09/13/systemd.html index 13205bcdb..a710dcbd8 100644 --- a/blogs/2018/09/13/systemd.html +++ b/blogs/2018/09/13/systemd.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ The proper way to stop the container is to run sudo service redis stop.

An alternative to systemd for controlling containers lifecycle is to use CRI-O but this would be for another blog post :-).

- + \ No newline at end of file diff --git a/blogs/2018/09/25/pulling-images-from-docker.html b/blogs/2018/09/25/pulling-images-from-docker.html index b9c890b8e..d4a234f68 100644 --- a/blogs/2018/09/25/pulling-images-from-docker.html +++ b/blogs/2018/09/25/pulling-images-from-docker.html @@ -12,14 +12,14 @@ - +

Cool thing&#58; Pulling content directly from the Docker Daemon...

· 2 min read

podman logo

Pulling content directly from the Docker Daemon...

By Dan Walsh GitHub

Cool things you can do with Podman.

I recently received a bug report about some huge container images not working correctly in Docker. So I suggested to the reporter that they try them with Podman. He responded that he saw the images with docker images, but did not see them with podman images.

I explained to him that the Docker image and container database are separate from the Podman image and container database. I told him he would have to pull the images into Podman. Then I decided to try a cool feature of Podman, where I could pull images directly out of the Docker daemon.

First I look for the Centos Image inside of Docker.

# docker images | grep centos
docker.io/centos                    7                   49f7960eb7e4        2 months ago        200 MB

Podman has the ability through its use of containers/image to pull images using many different transports other than just pulling from Container Registries. It supports pulling directly from the Docker daemon, using the docker-daemon transport.

# podman pull docker-daemon:docker.io/centos:7
Getting image source signatures
Copying blob sha256:bcc97fbfc9e1a709f0eb78c1da59caeb65f43dc32cd5deeb12b8c1784e5b8237
 198.59 MB / 198.59 MB [====================================================] 1s
Copying config sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5
 2.15 KB / 2.15 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5

Now you have the Centos 7 image in Podman containers/storage datastore.

#podman images | grep centos
docker.io/library/centos            7       49f7960eb7e4   2 months ago   .com208MB

Now you can start using the image with Podman, Buildah and CRI-O. You can even create new images and push them back into the Docker daemon.

Try it out…

- + \ No newline at end of file diff --git a/blogs/2018/10/01/talk-replace-docker-with-podman.html b/blogs/2018/10/01/talk-replace-docker-with-podman.html index b95c3e26a..a982f4fae 100644 --- a/blogs/2018/10/01/talk-replace-docker-with-podman.html +++ b/blogs/2018/10/01/talk-replace-docker-with-podman.html @@ -12,13 +12,13 @@ - +

Replacing Docker with Podman

· One min read

podman logo

Replacing Docker with Podman

By Dan Walsh GitHub

At the "All Systems Go!" conference on September 28-30, 2018 in Berlin Germany, Dan Walsh gave a talk on how you can replace docker with podman and not skip a beat. The talk was taped and can be viewed here.

The slides in PDF format are here.

- + \ No newline at end of file diff --git a/blogs/2018/10/03/podman-remove-content-homedir.html b/blogs/2018/10/03/podman-remove-content-homedir.html index 18843961a..23fa77378 100644 --- a/blogs/2018/10/03/podman-remove-content-homedir.html +++ b/blogs/2018/10/03/podman-remove-content-homedir.html @@ -12,13 +12,13 @@ - +

Why can’t I delete storage files created by non-root podman?

· 5 min read

podman logo

Why can’t I delete storage files created by non-root Podman?

By Dan Walsh GitHub

Cool things you can do with Podman

When running Podman as root, the default location for storage is /var/lib/containers/storage. Of course, users cannot use this directory when running as non root, so Podman creates the storage by default in $HOME/.local/share/containers.

When Podman creates this storage it is running inside of a user namespace and is allowed to create UIDs and GIDs based off the UID ranges stored in /etc/subuid and the GIDs listed in /etc/subgid.

For example my account has UID and GID ranges 100000 through 165535 reserved for it, as well as my UID and primary GID, 3267.

#grep dwalsh /etc/subuid
dwalsh:100000:65536
$ grep dwalsh /etc/subgid
dwalsh:100000:65536

When Podman starts a container as non root, by default, it maps my UID, 3267, to UID 0 inside of the container, then it maps 100,000->1, 100,001->2, 100,002->3 … 165,535->65536.

You can see this mapping inside of the container

$ podman run -ti fedora cat  /proc/self/uid_map
     0       3267          1
     1     100000     65536
$ podman run -ti fedora cat  /proc/self/gid_map
     0       3267          1
     1     100000     65536

Since I’m root in the container, I can create and set ownership of files inside of the container for using any UIDs and GIDs that are mapped into the container.

To see what happens, I will create a file and directory owned by a non root user inside of a container.

podman run -ti --name testfile fedora bash -c "mkdir /testdir; touch /testdir/testfile; chown -R 1:1 /testdir"

Since that was successful, let’s mount the container and see what it looks like from outside of the user namespace that’s used for running the container.

$ mnt=$(podman mount testfile)
$ echo $mnt
/home/dwalsh/.local/share/containers/storage/vfs/dir/691e874b6e1ba6807ecbe73910396b10f118617233aacc3df3297ffc4e1332f9
$ ls -l $mnt
total 4
lrwxrwxrwx.  1 dwalsh dwalsh    7 Feb  7  2018 bin -> usr/bin
dr-xr-xr-x.  2 dwalsh dwalsh    6 Feb  7  2018 boot
drwxr-xr-x.  2 dwalsh dwalsh    6 Apr 26 09:03 dev
drwxr-xr-x. 44 dwalsh dwalsh 4096 Apr 26 09:03 etc
drwxr-xr-x.  2 dwalsh dwalsh    6 Feb  7  2018 home
lrwxrwxrwx.  1 dwalsh dwalsh    7 Feb  7  2018 lib -> usr/lib
lrwxrwxrwx.  1 dwalsh dwalsh    9 Feb  7  2018 lib64 -> usr/lib64
drwx------.  2 dwalsh dwalsh    6 Apr 26 09:03 lost+found
drwxr-xr-x.  2 dwalsh dwalsh    6 Feb  7  2018 media
drwxr-xr-x.  2 dwalsh dwalsh    6 Feb  7  2018 mnt
drwxr-xr-x.  2 dwalsh dwalsh    6 Feb  7  2018 opt
drwxr-xr-x.  2 dwalsh dwalsh    6 Apr 26 09:03 proc
dr-xr-x---.  2 dwalsh dwalsh  162 Apr 26 09:03 root
drwxr-xr-x. 11 dwalsh dwalsh  169 Sep 25 09:11 run
lrwxrwxrwx.  1 dwalsh dwalsh    8 Feb  7  2018 sbin -> usr/sbin
drwxr-xr-x.  2 dwalsh dwalsh    6 Feb  7  2018 srv
drwxr-xr-x.  2 dwalsh dwalsh    6 Apr 26 09:03 sys
drwxr-xr-x.  2 100000 100000   22 Sep 25 13:38 testdir
drwxrwxrwt.  2 dwalsh dwalsh   32 Apr 26 09:03 tmp
drwxr-xr-x. 12 dwalsh dwalsh  144 Apr 26 09:03 usr
drwxr-xr-x. 19 dwalsh dwalsh  249 Apr 26 09:03 var

Notice the ownership of testdir and testfile. The namespace that was used for running the container mapped UID 100000 from outside of the namespace to UID 1 inside of the namespace, and did the same for GID 100000, mapping it to GID 1 inside of the namespace. When I set the ownership to UID and GID 1 from inside of the namespace, the corresponding values from outside of the namespace were what were recorded to disk.

$ ls -la $mnt/testdir
total 0
drwxr-xr-x.  2 100000 100000  22 Sep 25 13:38 .
drwxr-xr-x. 19 dwalsh dwalsh 257 Sep 25 13:38 ..
-rw-r--r--.  1 100000 100000   0 Sep 25 13:38 testfile

If i just try to clean up my directory I will get lots of errors.

rm -rf .local/share/containers/ 2>&1 | head -2
rm: cannot remove '.local/share/containers/storage/vfs/dir/891e1e4ef82ad02a4ea1f030831f942d722c7694c4db64ca3239c8163b811c58/bin': Permission denied
rm: cannot remove '.local/share/containers/storage/vfs/dir/891e1e4ef82ad02a4ea1f030831f942d722c7694c4db64ca3239c8163b811c58/boot': Permission denied

This is because this content was created from inside of a user namespace where I was UID 0, and because I was UID 0 in that namespace, I could set and change ownership of anything owned by any ID that was mapped into the namespace. In this case, I assigned it an owner that wasn’t mapped to my own user. Once I left the namespace, and I was back in the host namespace where I was just myself again, the contents belonged to the UID that I had mapped to 1 for the user namespace, which wasn’t my own UID.

Because of this, if I wanted to clean it all up, I could become root to remove the directory. But if I don’t have root on the machine, what could I do?

Buildah unshare or rootlesskit bash

Well currently Buildah or rootlesskit can put you into the user namespace without launching a container and then you can remove the images.

$ buildah unshare
[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

I am now root inside of a namespace with the same mappings I’d use for a container, but everything else is the same. In particular, I’m not using the container’s root filesystem.

[root@localhost ~]# pwd
/home/dwalsh
[root@localhost ~]# rm -rf .local/share/containers/
[root@localhost ~]#

I am able to delete all the files in my homedir.

- + \ No newline at end of file diff --git a/blogs/2018/10/04/selinux-libvirt.html b/blogs/2018/10/04/selinux-libvirt.html index 5c30824ff..58bcc8d14 100644 --- a/blogs/2018/10/04/selinux-libvirt.html +++ b/blogs/2018/10/04/selinux-libvirt.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

SELinux blocks Podman container from talking to libvirt

· One min read

podman logo

SELinux blocks Podman container from talking to libvirt

By Dan Walsh GitHub

I wrote a SELinux blog on running a container with Podman. The talks explains why SELinux blocks the connection to the libvirt socket. It then goes on to explain how to setup the container to allow the communication.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/05/tripleo-systemd.html b/blogs/2018/10/05/tripleo-systemd.html index aab6e4e43..69241cc76 100644 --- a/blogs/2018/10/05/tripleo-systemd.html +++ b/blogs/2018/10/05/tripleo-systemd.html @@ -12,14 +12,14 @@ - +

OpenStack Containerization with Podman – Part 2 (systemd)

· One min read

podman logo

Manage Podman containers with systemd

By Emilien Macchi GitHub

I wrote a blog post about how we manage Podman containers with systemd in OpenStack TripleO.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/05/tripleo-undercloud.html b/blogs/2018/10/05/tripleo-undercloud.html index b1898fb7d..fd3229627 100644 --- a/blogs/2018/10/05/tripleo-undercloud.html +++ b/blogs/2018/10/05/tripleo-undercloud.html @@ -12,14 +12,14 @@ - +

OpenStack Containerization with Podman – Part 1 (Undercloud)

· One min read

podman logo

Deploy OpenStack TripleO Undercloud Podman containers

By Emilien Macchi GitHub

I wrote a blog post about how we deploy OpenStack TripleO Undercloud with Podman containers.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/07/tripleo-upgrade.html b/blogs/2018/10/07/tripleo-upgrade.html index b4ba868e5..2347c9300 100644 --- a/blogs/2018/10/07/tripleo-upgrade.html +++ b/blogs/2018/10/07/tripleo-upgrade.html @@ -12,14 +12,14 @@ - +

OpenStack Containerization with Podman – Part 3 (Upgrades)

· One min read

podman logo

Upgrade OpenStack TripleO Undercloud from Docker to Podman containers

By Emilien Macchi GitHub

I wrote a blog post about how we could upgrade OpenStack TripleO Undercloud from Docker to Podman containers.

Read More

- + \ No newline at end of file diff --git a/blogs/2018/10/10/checkpoint-restore.html b/blogs/2018/10/10/checkpoint-restore.html index 7f2b1526d..b407949f4 100644 --- a/blogs/2018/10/10/checkpoint-restore.html +++ b/blogs/2018/10/10/checkpoint-restore.html @@ -12,7 +12,7 @@ - + @@ -70,7 +70,7 @@ the possibility to easily export the checkpoint and appropriate container state from one Podman instance to another Podman instance to be able to restore the checkpointed container.

- + \ No newline at end of file diff --git a/blogs/2018/10/31/podman-buildah-relationship.html b/blogs/2018/10/31/podman-buildah-relationship.html index 714891a43..bb6079be3 100644 --- a/blogs/2018/10/31/podman-buildah-relationship.html +++ b/blogs/2018/10/31/podman-buildah-relationship.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ most Linux platforms and both projects reside at GitHub.com with Buildah here and Podman here. Both Buildah and Podman are command line tools that work on OCI images and containers. The two projects are related, but differ in their specialization.

Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. Buildah’s goal is also to provide a lower level coreutils interface to build container images, allowing people to build containers without requiring a Dockerfile. Buildah’s other goal is to allow you to use other scripting languages to build container images without requiring a daemon.

Podman specializes in all of the commands and functions that help you to maintain and modify those OCI container images, such as pulling and tagging. It also allows you to create, run, and maintain those containers. If you can do a command in the Docker CLI, you can do the same command in the Podman CLI. In fact you can just alias ‘podman’ for ‘docker’ on your machine and you can then build, create and maintain container images and containers without a daemon being present, just as you always have.

Although Podman uses Buildah’s build functionality under the covers to create a container image, the two projects have differences. The major difference between Podman and Buildah is their concept of a container. Podman allows users to create traditional containers and the intent of these containers is to be controlled through the entirety of a container life cycle (pause, checkpoint/restore, etc). While Buildah containers are really created just to allow content to be added to the container image. Each project has a separate internal representation of a container that is not shared. Because of this you cannot see Podman containers from within Buildah or vice versa. However the internal representation of a container image is the same between Buildah and Podman. Given this, any container image that has been created, pulled or modified by one can be seen and used by the other.

Some of the commands between the two projects overlap significantly but in some cases have slightly different behaviors. The following table illustrates the commands with some overlap between the projects.

CommandPodman BehaviorBuildah Behavior
buildCalls buildah budProvides the build-using-dockerfile (bud) command that emulates Docker’s build command.
commitCommits a Podman container into a container image. Does not work on a Buildah container. Once committed the resulting image can be used by either Podman or Buildah.Commits a Buildah container into a container image. Does not work on a Podman container. Once committed, the resulting image can be used by either Buildah or Podman.
mountMounts a Podman container. Does not work on a Buildah container.Mounts a Buildah container. Does not work on a Podman container.
pull and pushPull or push an image from a container image registry. Functionally the same as Buildah.Pull or push an image from a container image registry. Functionally the same as Podman.
runRun a process in a new container in the same manner as docker run.Runs the container in the same way as the RUN command in a Dockerfile.
rmRemoves a Podman container. Does not work on a Buildah container.Removes a Buildah container. Does not work on a Podman container.
rmi, images, tagEquivalent on both projects.Equivalent on both projects.
containers and psps is used to list Podman containers. The containers command does not exist.containers is used to list Buildah containers. The ps command does not exist.

A quick and easy way to summarize the difference between the two projects is the buildah run command emulates the RUN command in a Dockerfile while the podman run command emulates the docker run command in functionality.

Buildah is an efficient way to create OCI images while Podman allows you to manage and maintain those images and containers in a production environment using familiar container cli commands. Together they form a strong foundation to support your OCI container image and container needs. Best yet, they are both Open-source projects and you are more than welcome to contribute to either or both projects. Hope to see you there!

- + \ No newline at end of file diff --git a/blogs/2018/11/01/talk-state_of_container_technologies.html b/blogs/2018/11/01/talk-state_of_container_technologies.html index 121daa17b..2c480501a 100644 --- a/blogs/2018/11/01/talk-state_of_container_technologies.html +++ b/blogs/2018/11/01/talk-state_of_container_technologies.html @@ -12,13 +12,13 @@ - +

The State of Container Technologies in the Operating System

· One min read

podman logo

The State of Container Technologies in the Operating System Talk

By Dan Walsh GitHub

At the "LISA18" conference on October 29-31, 2018 in Nashville, TN, USA, Dan Walsh gave a talk on the State of Container Technologies in the Operating System.

The slides in PDF format are here.

- + \ No newline at end of file diff --git a/blogs/2018/11/19/build_libpod-container-images.html b/blogs/2018/11/19/build_libpod-container-images.html index b0a9b6842..af2d5c2fb 100644 --- a/blogs/2018/11/19/build_libpod-container-images.html +++ b/blogs/2018/11/19/build_libpod-container-images.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ the RPM package because it will make the upgrade process easier down the road.

To solve this problem, I have created a series of container images for CentOS7, Fedora 28, and Fedora 29 that are capable of building a development Podman RPM and associated packages.

A bit about the images themselves

The image that can used to build the RPMs is called quay.io/libpod/build_libpod. You simply alter the tag to build for the various distributions. The latest tag will build CentOS7 RPMs. Two other tags exist: fedora28 and fedora29.

Create the temporary directory

Create a directory for where the RPMs will be volume mounted. It must be /tmp/rpms.

$ mkdir /tmp/rpms

Build the RPMs

Building the RPMs is a simple Podman command that leverages the container runlabel function in Podman. Once the image is pulled by Podman, it will install the required packages for building the RPMs. After the build is complete, the container will also test to make sure the RPMs install correctly.

$ sudo podman container runlabel -p run quay.io/libpod/build_libpod:fedora29
Trying to pull quay.io/libpod/build_libpod:fedora29...Getting image source signatures
Skipping fetch of repeat blob sha256:7692efc5f81cadc73ca1afde08b1a5ea126749fd7520537ceea1a9871329efde
Copying blob sha256:af79f3045c1f7e253b5952752ae4ecabb15f5ee1e2c7e4148132ed37ea7e0091
 24.70 MB / 24.70 MB [======================================================] 2s
Copying blob sha256:ff2caf91b3889620d64f6fa5529531c3fed78222ce33a89ac85318e410d302fb
 206 B / 206 B [============================================================] 0s
Copying blob sha256:dd6fe2d1ef4e4ca5252881a6ab2db0eecc1166486af08384eab121512fd8e1dd
 253 B / 253 B [============================================================] 0s
Copying blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
 32 B / 32 B [==============================================================] 0s
Skipping fetch of repeat blob sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Writing manifest to image destination
Storing signatures
Command: /proc/self/exe run -it --rm --net=host -v /tmp/rpms:/root/rpmbuild/RPMS/x86_64/:Z quay.io/libpod/build_libpod:fedora29
Cloning into '/go/src/github.com/containers/libpod'...
warning: redirecting to https://github.com/containers/podman/
remote: Enumerating objects: 34, done.
remote: Counting objects: 100% (34/34), done.
remote: Compressing objects: 100% (31/31), done.
remote: Total 23112 (delta 12), reused 12 (delta 3), pack-reused 23078
Receiving objects: 100% (23112/23112), 15.96 MiB | 10.16 MiB/s, done.
Resolving deltas: 100% (13753/13753), done.
/go/src/github.com/containers/libpod
++ command -v dnf
+ pkg_manager=/usr/bin/dnf

... ** SHORTENED FOR BREVITY ***

Installed:
  python3-podman-0.11.2-1542207420.git2b911b0c.fc29.noarch            python3-pypodman-0.11.2-1542207420.git2b911b0c.fc29.noarch
  python3-dateutil-1:2.7.0-3.fc29.noarch                              python3-humanize-0.5.1-14.fc29.noarch
  python3-psutil-5.4.3-6.fc29.x86_64

Complete!

The resulting RPMs will end up in your temporary directory of /tmp/rpms.

$ find /tmp/rpms/
/tmp/rpms/
/tmp/rpms/noarch
/tmp/rpms/noarch/python3-pypodman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/noarch/python3-podman-0.11.2-1542210510.git2b911b0c.fc29.noarch.rpm
/tmp/rpms/x86_64
/tmp/rpms/x86_64/podman-debuginfo-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-debugsource-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm
/tmp/rpms/x86_64/podman-0.11.2-1542210510.git2b911b0c.fc29.x86_64.rpm

Future

If folks like this, I'll consider adding the ability to pass in a specific git commit to build.

- + \ No newline at end of file diff --git a/blogs/2018/11/27/podman-exists.html b/blogs/2018/11/27/podman-exists.html index ef069b9c7..6260e7be1 100644 --- a/blogs/2018/11/27/podman-exists.html +++ b/blogs/2018/11/27/podman-exists.html @@ -12,13 +12,13 @@ - +

Podman container|image exists

· 3 min read

podman logo

Podman container|image exists

By Brent Baude GitHub

We are seeing a proliferation of Podman usage in users' daily workflows. As such, these workflows are often scripted -- in something like bash -- and clear exit codes from the applications being run are paramount. One of the tasks we often see is a user wanting to verify if an image or a container exists in local storage. We saw several different approaches approaches to solving this including running podman ps or podman images with filters or complex uses of grep.

Solution

After a bit of discussion with our users, recorded in [issue #1845] (https://github.com/containers/podman/issues/1845), a plan was hatched to have a specific command that satisfies this use case. It was implemented for both containers and images; and I suppose if users wish, we could implement it for pods as well. If the image or container exists, Podman will return an exit code of 0. If it does not exist, Podman will return an exit code of 1. Any other exit code can be attributed to non-verification failures like permissions or failure in reading local storage.

Check on an images

To verify the existence of an image in your local storage, you can use the command podman image exists <IMAGE_NAME>. Let's clarify through the use of an example.

The images we have in our local storage are as follows:

$ sudo podman images
REPOSITORY                   TAG      IMAGE ID       CREATED        SIZE
docker.io/library/alpine     latest   196d12cf6ab1   2 months ago   4.67 MB

If we wanted to verify the existence of the image docker.io/library/alpine:latest, we would:

$ sudo podman image exists docker.io/library/alpine:latest
$ echo $?
0

You can also verify by short-name if preferable:

$ sudo podman image exists alpine
$ echo $?
0

You can also verify an image by an image's full or shortened ID.

$ sudo podman image exists 196d12cf6ab1
$ echo $?
0

And finally, a failure to verify example would look like:

$ sudo podman image exists busybox
$ echo $?
1

Check on a container

We can verify the existence of a container in much the same way as an image. The grammar differs slightly.

My system has the following container:

$ sudo podman ps --format {% raw %}"{{.ID}} {{.Names}}"{% endraw %}
472fde2f48c7 foobar

And I can verify the existence of the container with podman container exists <CONTAINER_NAME>.

$ sudo podman container exists foobar
$ echo $?
0

Like images, you can also verify a container using its full or partial container ID.

- + \ No newline at end of file diff --git a/blogs/2018/12/03/podman-runlabel.html b/blogs/2018/12/03/podman-runlabel.html index 4d4096766..10d865720 100644 --- a/blogs/2018/12/03/podman-runlabel.html +++ b/blogs/2018/12/03/podman-runlabel.html @@ -12,14 +12,14 @@ - +

Simplifying Podman commands with labels

· 3 min read

podman logo

Simplifying Podman commands with labels

By Brent Baude GitHub

Commands used by container runtimes to create containers have become complex. It is on purpose of course. When creating containers, we want the ability to specify various security or network attributes. But if you are in the unenviable position to have to keystroke in some of these lengthy commands, it can grow tiresome. Defining labels on the container image is a great way to define how the container should be run; however, now with Podman we can read and execute that label saving you potential command line bloat.

Container image Labels

Container images have had the concept of a label for quite some time. They are often used as identifiers for the image; i.e. version, release, author, etc. But you can create a container label for just about anything. With the Atomic CLI project, we used to leverage labels such as RUN, INSTALL, and UNINSTALL. These labels we defined for the purpose of their verbiage.

Podman container runlabel

To mimic the Atomic CLI project, we added a sub-command called podman container runlabel. This command will execute the contents of a given label as defined by the container image.

Lets consider an example. I have a simple container image based on mariab that I use for my Podman development. The image is made like so:

FROM docker.io/library/mariadb:latest
LABEL RUN="podman run --name some-mariadb -P -e MYSQL_ROOT_PASSWORD=x -dt IMAGE"
RUN echo "bind-address = 0.0.0.0" >> /etc/mysql/my.cnf

Note the definition of the RUN label in the image. It contains the complete command line description of how to run it. The use of IMAGE here is a placeholder is automatically substituted by Podman to the real image name. On my system, this image exists as quay.io/baude/demodb:latest.

We can get a preview of what Podman would run using the --display switch. In the case of my mariab image, a dry-run would show something like this:

$ sudo podman container runlabel --display run quay.io/baude/demodb:latest
Command: /proc/self/exe run --name some-mariadb -P -e MYSQL_ROOT_PASSWORD=x -dt quay.io/baude/demodb:latest

Note how the IMAGE was translated into the image name. If we rerun the previous command and subtract the --display option, podman will create the container exactly as described by the run label.

So, next time you create your own image, do yourself a favor and construct labels that Podman can read and simplify your life.

- + \ No newline at end of file diff --git a/blogs/2018/12/14/openstack-podman-healthchecks.html b/blogs/2018/12/14/openstack-podman-healthchecks.html index 7f9022726..25a3f16d5 100644 --- a/blogs/2018/12/14/openstack-podman-healthchecks.html +++ b/blogs/2018/12/14/openstack-podman-healthchecks.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/01/07/software-factory-podman.html b/blogs/2019/01/07/software-factory-podman.html index a22b1e9a2..512207a87 100644 --- a/blogs/2019/01/07/software-factory-podman.html +++ b/blogs/2019/01/07/software-factory-podman.html @@ -12,14 +12,14 @@ - +

Software Factory Container With Buildah And Podman

· One min read

Tristan de Cacqueray has posted a new blog: "Software Factory Container With Buildah And Podman". Tristan explains how to use Buildah and Podman to containerize a systemd based service suite.

- + \ No newline at end of file diff --git a/blogs/2019/01/08/rhel-8-and-podman.html b/blogs/2019/01/08/rhel-8-and-podman.html index b2aa7acd3..9ceb01d3d 100644 --- a/blogs/2019/01/08/rhel-8-and-podman.html +++ b/blogs/2019/01/08/rhel-8-and-podman.html @@ -12,13 +12,13 @@ - +

RHEl 8 beta and Podman

· One min read

Daniel Koszegi has posted a new blog: "First look at RHEL 8 and Podman". Daniel talks about the RHEL 8 beta and how Podman figures into it!.

- + \ No newline at end of file diff --git a/blogs/2019/01/14/podman-machine-and-boot2podman.html b/blogs/2019/01/14/podman-machine-and-boot2podman.html index 6dc987290..c8efec7ca 100644 --- a/blogs/2019/01/14/podman-machine-and-boot2podman.html +++ b/blogs/2019/01/14/podman-machine-and-boot2podman.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

Podman Machine and Boot2podman

· 3 min read

boot2podman logo

Podman Machine and Boot2podman

By Anders F Björklund GitHub

Update: September 9, 2021 - Tom Sweeney

This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

Original Post

By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

The command-line tool podman-machine is a simple way to create virtual machines running boot2podman.iso. It will create a "machine" with Linux prepared for running Linux containers, with Podman and Buildah (and their dependencies) pre-installed.

This way any client will be able to run containers, even though not possible on their operating system. Whether their Linux distribution is too old or too unprivileged, or if they are running Windows or OS X operating systems without native Linux support.

Podman Machine

Machine lets you create servers with Podman, then configures the Podman clients.

$ podman-machine create box
$ podman-machine ssh box

tc@box:~$ sudo podman

Will automatically download the latest version of the ISO, if not available in the cache.

See: https://github.com/boot2podman/machine

Boot2Podman ISO

Boot2podman is a lightweight Linux distribution made specifically to run Linux containers.

  • Tiny Core Linux 9.x (x86_64)
  • Buildah / Varlink / Podman

The distribution runs entirely from RAM, while persisting the containers and ssh keys.

See: https://github.com/boot2podman/boot2podman

Remote Access

It is possible to use the pypodman command-line tool, to control podman remotely:

$ eval $(podman-machine env box)
$ pypodman version

https://github.com/containers/python-podman

Or alternatively to use the varlink-go command-line tool, to access the podman API:

$ eval $(podman-machine env box --varlink)
$ varlink-go call io.podman.GetVersion

https://github.com/boot2podman/varlink-go

Both methods use SSH, in order to access the podman varlink socket of the VM.

The SSH keys and other configuration is automatically created with the machine.

Tiny Core

The regular boot2podman.iso is based on Tiny Core Linux:

https://github.com/boot2podman/boot2podman/releases

This is a minimal system, that runs entirely from RAM and uses init(1).

The package manager uses TCZ packages, handled by the tce-load program.

See: https://en.wikipedia.org/wiki/Tiny_Core_Linux

Fedora

There is also an alternative version, based on Fedora Linux:

https://github.com/boot2podman/boot2podman-fedora-iso/releases

This is a full system, that boots a regular image and uses systemd(1).

The package manager uses RPM packages, handled by the dnf program.

See: https://en.wikipedia.org/wiki/Fedora_(operating_system)

Both versions will do the same thing, in that they will both offer the Podman varlink socket.

The Podman Machine can set up virtual machines for either, by using the "url" parameters.

For more posts about boot2podman, see: https://boot2podman.github.io/

- + \ No newline at end of file diff --git a/blogs/2019/01/15/podman-pods.html b/blogs/2019/01/15/podman-pods.html index 0255e312e..072d94a8d 100644 --- a/blogs/2019/01/15/podman-pods.html +++ b/blogs/2019/01/15/podman-pods.html @@ -12,14 +12,14 @@ - +

Managing pods and containers in a local container runtime

· One min read

Brent Baude has written a new article called "Managing pods and containers in a local container runtime" on the Red Hat Developer site. Learn how using pods in Podman can help organize and orchestrate your containers.

- + \ No newline at end of file diff --git a/blogs/2019/01/16/podman-varlink.html b/blogs/2019/01/16/podman-varlink.html index 6576d5c60..f24926fe2 100644 --- a/blogs/2019/01/16/podman-varlink.html +++ b/blogs/2019/01/16/podman-varlink.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ in one of your path directories

For Linux systems:

You can also use varlink util from libvarlink or install libvarlink-util on Fedora/RHEL machines.

The varlink CLI command in ~/.cargo/bin should output:

$ varlink --bridge "ssh <podman-machine>" info
Vendor: Atomic
Product: podman
Version: 0.10.1
URL: https://github.com/containers/podman
Interfaces:
  org.varlink.service
  io.podman
$ varlink --bridge "ssh <podman-machine>" call io.podman.Ping
{
  "ping": {
    "message": "OK"
  }
}

$ varlink --bridge "ssh <podman-machine>" call io.podman.MountContainer "{\"name\": \"container-id\"}"
Error: Call failed with error: io.podman.ErrorOccurred
{
  "reason": "no container with name or ID container-id found: no such container"
}

To find out more about the Podman varlink interface read the io.podman.varlink file or the rendered API.md.

Or you can inspect, what methods your Podman version on <podman-machine> provides:

$ varlink --bridge "ssh <podman-machine>" help io.podman

Rust Client Example

Either clone this repository or:

$ cargo new --bin podmanrs
$ cd podmanrs

Download the varlink interface from the running Podman varlink service:

$ varlink --bridge "ssh <podman-machine>" help io.podman > src/io.podman.varlink

create build.rs:

extern crate varlink_generator;

fn main() {
   varlink_generator::cargo_build_tosource("src/io.podman.varlink", true);
}

create Cargo.toml:

[package]
name = "podmanrs"
version = "0.1.0"
authors = ["Harald Hoyer <harald@redhat.com>"]
build = "build.rs"
edition = "2018"

[dependencies]
varlink = "7"
serde = "1"
serde_derive = "1"
serde_json = "1"
chainerror = "0.4"
[build-dependencies]
varlink_generator = "7"

create src/main.rs:

mod io_podman;

use crate::io_podman::*;
use varlink::Connection;
use std::result::Result;
use std::error::Error;

fn main() -> Result<(), Box<Error>> {
    let connection = Connection::with_bridge(
        "ssh <podman-machine>",
    )?;
    let mut podman = VarlinkClient::new(connection.clone());
    let reply = podman.ping().call()?;
    println!("Ping() replied with '{}'", reply.ping.message);
    let reply = podman.get_info().call()?;
    println!("Hostname: {}", reply.info.host.hostname);
    println!("Info: {:#?}", reply.info);
    Ok(())
}

Now run it:

$ cargo run
- + \ No newline at end of file diff --git a/blogs/2019/02/07/hack-and-tools.html b/blogs/2019/02/07/hack-and-tools.html index 861dd0ee3..f7ab34d85 100644 --- a/blogs/2019/02/07/hack-and-tools.html +++ b/blogs/2019/02/07/hack-and-tools.html @@ -12,13 +12,13 @@ - +

Container Tools on RHEL 8 & How to Hack Podman

· One min read

podman logo

Scott McCarty wrote "Red Hat Enterprise Linux 8 Beta: A new set of container tools". In the blog Scott introduces the new container tools in RHEL 8 Beta. Spoiler Alert! No Big Fat Daemons were harmed in the examples Scott provides!

Hervé Beraud wrote "How to Hack on Podman, which walks you through contributing to the Podman project.

Both are great reads to help build your container tools knowledge.

- + \ No newline at end of file diff --git a/blogs/2019/02/21/pandb-4-users.html b/blogs/2019/02/21/pandb-4-users.html index 47c8a6a45..e9548708c 100644 --- a/blogs/2019/02/21/pandb-4-users.html +++ b/blogs/2019/02/21/pandb-4-users.html @@ -12,13 +12,13 @@ - +

Podman and Buildah for Docker Users!

· One min read

podman logo

Podman and Buildah for Docker Users

By Tom Sweeney GitHub

A new article about how Docker users can use Podman and Buildah on the Red Hat Developer Site. William Henry (@ipbabble) introduces the two tools to Docker users and explains how they can be used to replace Docker and how the two tools are related.

- + \ No newline at end of file diff --git a/blogs/2019/03/16/podman-install.html b/blogs/2019/03/16/podman-install.html index dfdc481d0..1c738b7df 100644 --- a/blogs/2019/03/16/podman-install.html +++ b/blogs/2019/03/16/podman-install.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ author: tsweeney categories: [blogs] tags: [containers, images, docker, buildah, podman, oci]

podman logo

Installation of Podman to Run Docker Container - Part 1

By Tom Sweeney GitHub

A new article about how Opvizor installed Podman to run Docker containers. This blog entry at Opvizor looks into their installation process and their early takeaways on Podman.

- + \ No newline at end of file diff --git a/blogs/2019/03/18/CI3.html b/blogs/2019/03/18/CI3.html index 0783d554b..44592d3a1 100644 --- a/blogs/2019/03/18/CI3.html +++ b/blogs/2019/03/18/CI3.html @@ -12,7 +12,7 @@ - + @@ -104,7 +104,7 @@ or snide remarks there, please feel free to find me in #podman on Freenode (IRC). Unless the question is too-smart, I might even be able to answer it. Until then, may your pretty code keep its bugs well hidden and out of sight.

- + \ No newline at end of file diff --git a/blogs/2019/03/22/podman-made-easy.html b/blogs/2019/03/22/podman-made-easy.html index 3096e0d28..b36188762 100644 --- a/blogs/2019/03/22/podman-made-easy.html +++ b/blogs/2019/03/22/podman-made-easy.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/04/01/podman-crosswords.html b/blogs/2019/04/01/podman-crosswords.html index 23c047534..c0aa2bebe 100644 --- a/blogs/2019/04/01/podman-crosswords.html +++ b/blogs/2019/04/01/podman-crosswords.html @@ -12,14 +12,14 @@ - +

Podman Saves My Crossword Habit

· One min read

podman logo

Podman Saves My Crossword Habit

By Tom Sweeney GitHub

Ed Santiago (@edsantiago) needed help with his New York Times crossword puzzle. So naturally he turned to Podman to save the day. Read about it in his blog post: Podman Saves My Crossword Habit. Many thanks to Ed for sharing this innovative use of Podman.

- + \ No newline at end of file diff --git a/blogs/2019/04/16/cinc.html b/blogs/2019/04/16/cinc.html index e6f1dce2c..a4fd19fde 100644 --- a/blogs/2019/04/16/cinc.html +++ b/blogs/2019/04/16/cinc.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/04/22/health.html b/blogs/2019/04/22/health.html index ac4245bc4..536def1d4 100644 --- a/blogs/2019/04/22/health.html +++ b/blogs/2019/04/22/health.html @@ -12,13 +12,13 @@ - +

Monitoring container vitality and availability with Podman

· One min read

podman logo

Monitoring container vitality and availability with Podman

By Brent Baude GitHub

Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

- + \ No newline at end of file diff --git a/blogs/2019/05/18/micro-dnf.html b/blogs/2019/05/18/micro-dnf.html index 7be838743..6d2083b10 100644 --- a/blogs/2019/05/18/micro-dnf.html +++ b/blogs/2019/05/18/micro-dnf.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/05/24/podman-made-easy2.html b/blogs/2019/05/24/podman-made-easy2.html index ffe15c9ca..e716d7812 100644 --- a/blogs/2019/05/24/podman-made-easy2.html +++ b/blogs/2019/05/24/podman-made-easy2.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/06/13/new.html b/blogs/2019/06/13/new.html index f269b96b3..a4a6a365a 100644 --- a/blogs/2019/06/13/new.html +++ b/blogs/2019/06/13/new.html @@ -12,13 +12,13 @@ - +

Podman Cheat Sheet

· One min read

Red Hat Developer recently posted a new Podman Cheat Sheet on their blog. It's a handy guide that cover the commands that focus on images, containers and container resources. Check it out!

- + \ No newline at end of file diff --git a/blogs/2019/06/13/podman-cheatsheet.html b/blogs/2019/06/13/podman-cheatsheet.html index b4d8782cb..4073d2f9c 100644 --- a/blogs/2019/06/13/podman-cheatsheet.html +++ b/blogs/2019/06/13/podman-cheatsheet.html @@ -12,13 +12,13 @@ - +

Podman Cheat Sheet

· One min read

podman logo

Podman Cheat Sheet

By Tom Sweeney GitHub

Red Hat Developer recently posted a new Podman Cheat Sheet on their blog. It's a handy guide that cover the commands that focus on images, containers and container resources. Check it out!

- + \ No newline at end of file diff --git a/blogs/2019/06/17/mailinglist.html b/blogs/2019/06/17/mailinglist.html index e627eda93..2b2b02133 100644 --- a/blogs/2019/06/17/mailinglist.html +++ b/blogs/2019/06/17/mailinglist.html @@ -12,13 +12,13 @@ - +

Podman Mailing list

· 2 min read

podman logo

Podman Mailing List

By Tom Sweeney GitHub

We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

To sign up for the mailing list use email or the web interface:

Regardless of which method you use, a confirmation email will be sent to you. After you reply back to that confirmation email, you'll then be able to send mail directly to podman@lists.podman.io. You can then also go to the list's web page at lists.podman.io, click on the Podman link and from there you can see all of the past conversations on the list or manage your subscription.

Please note, if you have a bug that you'd like to report, it's best to report them here by creating a "New issue" rather than sending an email to the list.

We hope over time this mailing list will be a friendly and useful tool for the entire Podman community.

- + \ No newline at end of file diff --git a/blogs/2019/06/17/new.html b/blogs/2019/06/17/new.html index 859cbf578..47f52c0f8 100644 --- a/blogs/2019/06/17/new.html +++ b/blogs/2019/06/17/new.html @@ -12,13 +12,13 @@ - +

Announcing the Podman Mailing List!

· One min read

We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

Get all the details on this blog post!

- + \ No newline at end of file diff --git a/blogs/2019/06/19/new.html b/blogs/2019/06/19/new.html index db368fd07..e99ee04c1 100644 --- a/blogs/2019/06/19/new.html +++ b/blogs/2019/06/19/new.html @@ -12,13 +12,13 @@ - +

OnDemand Course&#58; Container pipelines for sys admins—and anyone, really—with Buildah and Podman

· One min read

Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

- + \ No newline at end of file diff --git a/blogs/2019/06/19/ondemand-course.html b/blogs/2019/06/19/ondemand-course.html index a5f8d42b4..72b94a30a 100644 --- a/blogs/2019/06/19/ondemand-course.html +++ b/blogs/2019/06/19/ondemand-course.html @@ -12,13 +12,13 @@ - +

OnDemand Course&#58; Container pipelines for sys admins—and anyone, really—with Buildah and Podman

· One min read

podman logo

OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

By Tom Sweeney GitHub

Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

- + \ No newline at end of file diff --git a/blogs/2019/06/26/new.html b/blogs/2019/06/26/new.html index 7ed3319cc..e8001b0bd 100644 --- a/blogs/2019/06/26/new.html +++ b/blogs/2019/06/26/new.html @@ -12,13 +12,13 @@ - +

Replacing Docker with Podman

· One min read

Ganesh Mani recently wrote the blog Replacing Docker with Podman — Power of Podman — Cloudnweb. The article gives a nice overview of Docker, Podman, their differences, and how you can use Podman to replace Docker. A nice read and really, who doesn't love a blog that wraps up with a meme featuring The Rock?

- + \ No newline at end of file diff --git a/blogs/2019/06/26/replace-docker-with-podman.html b/blogs/2019/06/26/replace-docker-with-podman.html index ab3f90069..bb81618b6 100644 --- a/blogs/2019/06/26/replace-docker-with-podman.html +++ b/blogs/2019/06/26/replace-docker-with-podman.html @@ -12,14 +12,14 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/07/06/new.html b/blogs/2019/07/06/new.html index 46661ff5b..5ac4420dc 100644 --- a/blogs/2019/07/06/new.html +++ b/blogs/2019/07/06/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
- + \ No newline at end of file diff --git a/blogs/2019/07/06/ruby.html b/blogs/2019/07/06/ruby.html index b0d301281..f9f56a735 100644 --- a/blogs/2019/07/06/ruby.html +++ b/blogs/2019/07/06/ruby.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

- + \ No newline at end of file diff --git a/blogs/2019/07/29/new.html b/blogs/2019/07/29/new.html index 762f1b4ca..f7b49a633 100644 --- a/blogs/2019/07/29/new.html +++ b/blogs/2019/07/29/new.html @@ -12,13 +12,13 @@ - +

Podman&#58; Linux containers made easy, part 3

· One min read

It's in German again, but a worthy read Podman: Linux containers made easy, part 3. Valentin Rothberg (@vrothberg) introduces Podman to the reader and talks about how it fits in the container eco-system. If your German is a little rusty, you may need to lean on Google Translate.

- + \ No newline at end of file diff --git a/blogs/2019/07/29/podman-made-easy3.html b/blogs/2019/07/29/podman-made-easy3.html index faa5a8e35..78fb2eb9f 100644 --- a/blogs/2019/07/29/podman-made-easy3.html +++ b/blogs/2019/07/29/podman-made-easy3.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/08/08/new.html b/blogs/2019/08/08/new.html index 6631109fa..7118b8b21 100644 --- a/blogs/2019/08/08/new.html +++ b/blogs/2019/08/08/new.html @@ -12,13 +12,13 @@ - +

Command Highlight&#58; podman images

· One min read

A quick asciinema demo highlighting what the podman images command can do. A great way to get quickly immersed with this command in just a few minutes time. Checkout the demo here and if you want to run the script yourself, it can be found here.

- + \ No newline at end of file diff --git a/blogs/2019/08/08/podman-images.html b/blogs/2019/08/08/podman-images.html index d79828737..cc24e1d29 100644 --- a/blogs/2019/08/08/podman-images.html +++ b/blogs/2019/08/08/podman-images.html @@ -12,13 +12,13 @@ - +

Command Highlight&#58; podman images

· One min read

podman logo

Command Highlight: podman images

By Tom Sweeney GitHub

A quick asciinema demo highlighting what the podman images command can do. A great way to get quickly immersed with this command in just a few minutes time. Checkout the demo here and if you want to run the script yourself, it can be found here.

- + \ No newline at end of file diff --git a/blogs/2019/08/10/new.html b/blogs/2019/08/10/new.html index 61bc968d4..b0bd989bf 100644 --- a/blogs/2019/08/10/new.html +++ b/blogs/2019/08/10/new.html @@ -12,13 +12,13 @@ - +

How templating works with Podman, Kubernetes, and Red Hat OpenShift

· One min read

Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

- + \ No newline at end of file diff --git a/blogs/2019/08/10/podman-ibm-developer.html b/blogs/2019/08/10/podman-ibm-developer.html index ff6a8a443..d8c9c3391 100644 --- a/blogs/2019/08/10/podman-ibm-developer.html +++ b/blogs/2019/08/10/podman-ibm-developer.html @@ -12,14 +12,14 @@ - +

How templating works with Podman, Kubernetes, and Red Hat OpenShift

· One min read

podman logo

How templating works with Podman, Kubernetes, and Red Hat OpenShift

By Tom Sweeney GitHub

Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

- + \ No newline at end of file diff --git a/blogs/2019/08/14/new.html b/blogs/2019/08/14/new.html index fd5abc9ab..af649df9f 100644 --- a/blogs/2019/08/14/new.html +++ b/blogs/2019/08/14/new.html @@ -12,13 +12,13 @@ - +
- + \ No newline at end of file diff --git a/blogs/2019/08/22/new.html b/blogs/2019/08/22/new.html index 1d4cd62ee..f02396c0d 100644 --- a/blogs/2019/08/22/new.html +++ b/blogs/2019/08/22/new.html @@ -12,13 +12,13 @@ - +

Using the rootless containers Tech Preview in RHEL 8.0

· One min read

Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

- + \ No newline at end of file diff --git a/blogs/2019/08/22/podman-tech-preview.html b/blogs/2019/08/22/podman-tech-preview.html index ff0d7a51a..9f1a798c2 100644 --- a/blogs/2019/08/22/podman-tech-preview.html +++ b/blogs/2019/08/22/podman-tech-preview.html @@ -12,13 +12,13 @@ - +

Using the rootless containers Tech Preview in RHEL 8.0

· One min read

podman logo

Using the rootless containers Tech Preview in RHEL 8.0

By Tom Sweeney GitHub

Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

- + \ No newline at end of file diff --git a/blogs/2019/08/23/new.html b/blogs/2019/08/23/new.html index fcb4fa403..5da54a5e0 100644 --- a/blogs/2019/08/23/new.html +++ b/blogs/2019/08/23/new.html @@ -12,13 +12,13 @@ - +

Podman, contenedores sin Docker

· One min read

How's your espanol? If it's good, checkout this video blog on YouTube Podman, contenedores sin Docker! In it Iñigo Serrano shows how to run Wildfly in a Podman container without Docker.

- + \ No newline at end of file diff --git a/blogs/2019/08/23/podman-en-espanol.html b/blogs/2019/08/23/podman-en-espanol.html index d9db59de8..3f474586f 100644 --- a/blogs/2019/08/23/podman-en-espanol.html +++ b/blogs/2019/08/23/podman-en-espanol.html @@ -12,13 +12,13 @@ - +

Podman, contenedores sin Docker

· One min read

podman logo

Podman, contendores sin Docker

By Tom Sweeney GitHub

How's your espanol? If it's good or you want to work on it, checkout this video blog on YouTube from Iñigo Serrano Podman, contenedores sin Docker. In it Iñigo Serrano shows how to run Wildfly in a Podman container without Docker.

- + \ No newline at end of file diff --git a/blogs/2019/08/28/buildah-in-containers.html b/blogs/2019/08/28/buildah-in-containers.html index f9d79f26d..b2d5ba7dd 100644 --- a/blogs/2019/08/28/buildah-in-containers.html +++ b/blogs/2019/08/28/buildah-in-containers.html @@ -12,13 +12,13 @@ - +

Best practices for running Buildah in a container

· One min read

podman logo

Best practices for running Buildah in a container

By Dan Walsh GitHub

Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

- + \ No newline at end of file diff --git a/blogs/2019/08/28/new.html b/blogs/2019/08/28/new.html index 22aa81395..da052fa39 100644 --- a/blogs/2019/08/28/new.html +++ b/blogs/2019/08/28/new.html @@ -12,13 +12,13 @@ - +

Best practices for running Buildah in a container

· One min read

Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using Podman while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

- + \ No newline at end of file diff --git a/blogs/2019/09/11/new.html b/blogs/2019/09/11/new.html index 99a82a826..dd8fbf393 100644 --- a/blogs/2019/09/11/new.html +++ b/blogs/2019/09/11/new.html @@ -12,13 +12,13 @@ - +

Why can’t rootless Podman pull my image?

· One min read

Matt Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

- + \ No newline at end of file diff --git a/blogs/2019/09/11/rootless-pulling.html b/blogs/2019/09/11/rootless-pulling.html index d0aa86cfe..23d7d05d7 100644 --- a/blogs/2019/09/11/rootless-pulling.html +++ b/blogs/2019/09/11/rootless-pulling.html @@ -12,13 +12,13 @@ - +

Why can’t rootless Podman pull my image?

· One min read

podman logo

Why can’t rootless Podman pull my image?

By Matthew Heon GitHub

Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

- + \ No newline at end of file diff --git a/blogs/2019/09/25/new.html b/blogs/2019/09/25/new.html index eeec057f4..51a55eb55 100644 --- a/blogs/2019/09/25/new.html +++ b/blogs/2019/09/25/new.html @@ -12,13 +12,13 @@ - +

Podman in HPC environments

· One min read

Adrian Reber talks all about the Message Passing Interface (MPI) in a High-Performance Computing (HPC) environment with the help of Podman here. Adrian provides a nice walk through of how he accomplished this and then explains each of his steps in great detail.

- + \ No newline at end of file diff --git a/blogs/2019/09/26/podman-in-hpc.html b/blogs/2019/09/26/podman-in-hpc.html index f668eacae..054e937ba 100644 --- a/blogs/2019/09/26/podman-in-hpc.html +++ b/blogs/2019/09/26/podman-in-hpc.html @@ -12,7 +12,7 @@ - + @@ -54,7 +54,7 @@ this container image, Podman will do it before launching this container.

  • /home/ring

    The MPI program in the container which should be started.

    • Thanks to Podman's fork-exec model it is really simple to use it in combination with Open MPI as Open MPI will start Podman just as it would start the actual MPI application.

    - + \ No newline at end of file diff --git a/blogs/2019/10/02/container-networking.html b/blogs/2019/10/02/container-networking.html index c5772a9c7..c7ce1dc19 100644 --- a/blogs/2019/10/02/container-networking.html +++ b/blogs/2019/10/02/container-networking.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/10/02/new.html b/blogs/2019/10/02/new.html index 85ecc63cd..a128c9209 100644 --- a/blogs/2019/10/02/new.html +++ b/blogs/2019/10/02/new.html @@ -12,13 +12,13 @@ - +

    Configuring container networking with Podman

    · One min read

    Brent Baude has a blog post on the Red Hat Enable Sysadmin site about Configuring container networking with Podman. In the post Brent goes over how you can communicate between a container and the host, between containers in and out of a pod, while running as a root and as a non-root user.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/1-new.html b/blogs/2019/10/14/1-new.html index bff59c9d4..cdecb93d7 100644 --- a/blogs/2019/10/14/1-new.html +++ b/blogs/2019/10/14/1-new.html @@ -12,13 +12,13 @@ - +

    Say “Hello” to Buildah, Podman, and Skopeo

    · One min read

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/2-new.html b/blogs/2019/10/14/2-new.html index 755204856..8af4febf9 100644 --- a/blogs/2019/10/14/2-new.html +++ b/blogs/2019/10/14/2-new.html @@ -12,13 +12,13 @@ - +

    Here’s why podman is more secured than Docker – DevSecOps

    · One min read

    Ganesh Mani discusses why Podman is more secure than Docker here on the CLOUDNWEB site. Ganesh talks about why Podman's fork and execute model is more secure than Docker's client server model.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/SayHello.html b/blogs/2019/10/14/SayHello.html index a3fc350f6..189bb0e1f 100644 --- a/blogs/2019/10/14/SayHello.html +++ b/blogs/2019/10/14/SayHello.html @@ -12,13 +12,13 @@ - +

    Say “Hello” to Buildah, Podman, and Skopeo

    · One min read

    podman logo

    Say “Hello” to Buildah, Podman, and Skopeo

    By Tom Sweeney GitHub

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    - + \ No newline at end of file diff --git a/blogs/2019/10/14/docker-vs-podman-security.html b/blogs/2019/10/14/docker-vs-podman-security.html index 21cb53768..271b368a0 100644 --- a/blogs/2019/10/14/docker-vs-podman-security.html +++ b/blogs/2019/10/14/docker-vs-podman-security.html @@ -12,13 +12,13 @@ - +

    Here’s why podman is more secured than Docker – DevSecOps

    · One min read

    podman logo

    Here’s why podman is more secured than Docker – DevSecOps

    By Tom Sweeney GitHub

    Ganesh Mani discusses why Podman is more secure than Docker here on the CLOUDNWEB site. Ganesh talks about why Podman's fork and execute model is more secure than Docker's client server model.

    - + \ No newline at end of file diff --git a/blogs/2019/10/15/generate-seccomp-profiles.html b/blogs/2019/10/15/generate-seccomp-profiles.html index 898b979e0..d82d3fb4d 100644 --- a/blogs/2019/10/15/generate-seccomp-profiles.html +++ b/blogs/2019/10/15/generate-seccomp-profiles.html @@ -12,13 +12,13 @@ - +

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    Background

    At DevConf.cz in early 2019, Dan Walsh and I were talking about container security and how we could improve the status quo in a user-friendly fashion. Among other things, we talked about seccomp, a widely used security feature of Linux. At its very core, seccomp allows for filtering the syscalls invoked by a process and can thereby be used to restrict which syscalls a given process is allowed to execute. Many software projects such as Android, Flatpak, Chrome and Firefox use seccomp to further tighten the security. One threat model seccomp protects against is the damage a malicious process can do. The fewer syscalls are available, the smaller is the attack surface. Hence, an attacker might gain control over some process of a web browser but seccomp will restrict the set of available syscalls to only those it needs. For instance, the syscalls needed for a rendering a website. The reduced attack surface can prevent the attacker from gaining control over the system. This makes seccomp a powerful security tool but while talking about it Dan and I quickly realized there is room for improvement.

    The tricky part of security is making it user friendly. A security mechanism should not turn into an annoyance or an obstacle. Otherwise some users will turn it off. Most container tools use a default seccomp filter which was initially written by Jesse Frazelle for Docker. This default filter found a balance between tightening the security while remaining portable to allow most workloads to run without receiving permission errors. The fact that this default filter is used by Docker, Podman, CRI-O, containerd and other tools on millions of deployments around the globe, shows its importance and impact. However, the default filter is pretty loose and it still allows more than 300 of the 435 syscalls on Linux 5.3 x86_64. The high number of available syscalls is essential to support as many containers as possible but according to Aqua Sec, most containers require only 40 to 70 syscalls. This means that the syscall attack surface of an average container could further be reduced by around 80 percent. But if we want to restrict more syscalls than the default filter, we face the problem of finding out which syscalls a container actually needs. That’s the problem we decided to work on and to ultimately come up with an open-source solution that users can easily use and integrate into their workflows.

    Dan and I started to philosophize about how we wanted to tackle the problem of finding out which syscalls a given container needs. Statically analyzing the code is theoretically optimal as we can determine the exact set of syscalls the program needs. But we quickly run into practical issues where corner cases cannot be covered and where users need a deep understanding of the code and certainly of the limitations of the individual analyzers. Such approaches are also programming-language specific and hence not generally applicable. All in all, static analysis does not provide the level of user friendliness and automation we wanted. Hence, we decided upon runtime analysis and proposed a project for Google Summer of Code under the umbrella of the Fedora project. The project proposal was to trace the processes running inside a container and to create a seccomp filter based on the set of recorded syscalls. The proposal was eventually accepted and we are thrilled how far we came thanks to Divyansh Kamboj who worked with us during this summer and who has turned into an active contributor to our github.com/containers projects.

    Tracing the syscalls of a container

    After some initial experiments with ptrace, we were looking for an alternative tracing mechanism. Ptrace has some considerable performance impacts that we were not willing to take, so Divyansh explored the idea of using audit logging of seccomp actions. Since Linux v4.14, the actions of seccomp filters can be recorded in the audit log. Using seccomp to create a new seccomp filter was tempting and the initial experiments have shown promising results until we started to run multiple containers in parallel. We could see and track which syscalls have been used but we could not figure out which process and hence which syscall belongs to which container. The Linux kernel community is currently debating to add an audit container ID which identifies a container in the logs but there is no consensus yet and we do not expect a solution in the near future. We had to find another solution.

    Eventually, we decided to use the extended Berkeley Packet Filter (eBPF) for tracing. eBPF allows for writing custom programs that can hook into various code paths in the kernel. These programs can be injected from user space into the kernel who interprets them in a special virtual machine. BPF was originally written to inspect networking packets directly in the kernel to achieve the lowest possible latency and best performance. Nowadays, with eBPF we can inspect many more aspects of the kernel. For our purpose, we hook into the sysenter tracepoint when entering the kernel from user space. This allows us to quickly inspect which syscalls are called by a given process. Although eBPF is fast, we still faced the aforementioned absence of a container concept in the kernel, so we had to find a way to know if a given process is part of the container we want to trace or not. We decided to identify a container by its PID namespace. If the PID namespace of the process we hit in our eBPF program corresponds to the container we are currently tracing, then we record the syscall. Ultimately, if a container creates a new PID namespace, we will not trace processes inside the new namespace and generate an inaccurate filter. But that is pretty much the only limitation.

    The OCI seccomp bpf hook

    We implemented the syscall tracer as an Open Container Initiative (OCI) runtime hook. OCI runtime hooks are called at different stages of the lifecycle of a container and are executed by OCI-compliant container runtimes, such as runc. Runc is used to spawn and run containers, and is the default runtime of Podman, containerd, Docker and many other tools. Our syscall-tracing hook runs at the prestart stage, where the init process of the container is created but not yet started. At this point, we can extract the PID namespace of the container, compile the eBPF program and start it. All this happens before the container is started, so we do not run into a race condition and avoid losing any early syscalls of the container. Once the eBPF program is running, we detach it from the hook and the container runtime can start the container. All source code is open source and can be downloaded from github.com/containers/oci-seccomp-bpf-hook. We are currently creating packages for Fedora and CentOS and hope to provide packages for more distributions in the near future. In the following, we go through a step-by-step example how the hook can be used in practice.

    Let’s first install Podman. Podman is a daemonless container engine for running containers and Pods and supports running rootless containers.

    $ sudo dnf install -y podman

    Next, we clone the git repository of the OCI seccomp bpf hook to compile and install it. Note that we need to install a few more packages in order to compile the hook.

    $ sudo dnf install -y bcc-devel bcc-tools git golang libseccomp-devel golang-github-cpuguy83-md2man make
    $ git clone https://github.com/containers/oci-seccomp-bpf-hook.git
    $ cd oci-seccomp-bpf-hook
    $ make binary
    $ PREFIX=/usr sudo make install

    Now, with the hook being installed we can use Podman to run a container and use the hook for tracing syscalls. eBPF requires root privileges so we cannot make use of Podman’s rootless support while tracing. However, we can use the generated seccomp profiles for running the workloads in a rootless container.

    $ sudo podman run --annotation io.containers.trace-syscall=of:/tmp/ls.json fedora:30 ls / > /dev/null

    In the upper example, we are running ls in a fedora:30 container. The annotation io.containers.trace-syscall is used to start our hook while its value expects a mandatory output file (short “of:”) that points to a path where we want the new seccomp filter to be written. In fact, the output file is a json file which is often referred to as a seccomp profile that container engines such as Podman and Docker will eventually parse and compile into a seccomp filter for the kernel. When inspecting the generated profile we will notice that there are more syscalls than ls executes. Those syscalls are the ones that runc invokes after having applied the seccomp profile and before starting the container, so they are essential to prevent us from getting permission errors when reusing the profile. However, we do not need to worry about that as the hook is clever enough to add these syscalls. Let’s run a few containers using the generated profile.

    $ sudo podman run --security-opt seccomp=/tmp/ls.json fedora:30 ls / > /dev/null
    $ sudo podman run --security-opt seccomp=/tmp/ls.json fedora:30 ls -l / > /dev/null
    ls: cannot access '/': Operation not permitted

    Maybe you are as surprised as we were when first running this very example. It seems that ls uses additional syscalls with the -l flag which instructs ls to use a more verbose listing format. This example shows a limitation of our approach since the quality and completeness of the generated seccomp profile depends on the exhaustiveness when tracing, and that’s clearly something to keep in mind when using the hook. To avoid rerunning everything from scratch, the hook allows for the specification of an additional input file. This input file serves as a baseline to which all traced syscalls are added. This way, we do not need to redundantly run all, potentially time-costly, previous workloads but can add new data on top. Let’s try this out and rerun ls -l.

    $ sudo podman run --annotation io.containers.trace-syscall=”if:/tmp/ls.json;of:/tmp/lsl.json” fedora:30 ls -l / > /dev/null

    As mentioned above, we need root privileges for running the eBPF hook. But now, as we have generated the new seccomp profile, we can use it for running the same workload in a rootless container.

    $ id -u
    1000
    $ podman run --security-opt seccomp=/tmp/lsl.json fedora:30 ls -l / > /dev/null

    When can I lock down my container?

    One of the issues with attempting to generate seccomp profiles this way is that we cannot always be sure of having crossed all code paths that the container can potentially run. But if we have fairly extensive tests we should be able to gather a substantial amount of the syscalls for running the container within our CI/CD system. Now when we put our container into production, we can continue tracing the syscalls in the new environment. For example, if you use Kubernetes you could send the annotation down to CRI-O and it would run the hook. Now, we can periodically check if the generated profile has changed over time. If we do not see new syscalls added for a given amount of time, we can feel confident to start using the profile. If a container using the profile gets blocked from using a syscall, the kernel will continue to report these in the audit.log which allows us to manually look for missing syscalls.

    Try it out!

    It was essential for us to base our work on open standards, which is why we decided to use the hooks specified in the OCI runtime specification. This way, our approach works with OCI compliant container runtimes such as runc or crun. Furthermore, we did not want to tie the tracing feature to a specific container engine. We wanted different tools such as Podman, Docker, CRI-O or containerd to be able to use the hook to encourage collaboration across different communities. Hence, we chose to use an OCI runtime annotation (i.e., io.containers.trace-syscall) to trigger the hook which is a generally supported feature.

    As a next step, feel free to generate your own seccomp profiles with the oci-seccomp-bpf-hook. We would love to have feedback and always welcome contributions.

    - + \ No newline at end of file diff --git a/blogs/2019/10/15/new.html b/blogs/2019/10/15/new.html index 20733c165..a82074d4c 100644 --- a/blogs/2019/10/15/new.html +++ b/blogs/2019/10/15/new.html @@ -12,13 +12,13 @@ - +

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    · One min read

    Valentin Rothberg checks in with the "Generate SECCOMP Profiles for Containers Using Podman and eBPF" blog here. In the article Valentin introduces the OCI seccomp hook which allows you to trace the syscalls of a container and then runs through a working example.

    - + \ No newline at end of file diff --git a/blogs/2019/10/23/Perona-PMM.html b/blogs/2019/10/23/Perona-PMM.html index dcdaaf949..d20acd005 100644 --- a/blogs/2019/10/23/Perona-PMM.html +++ b/blogs/2019/10/23/Perona-PMM.html @@ -12,13 +12,13 @@ - +

    PMM Server + podman&#58; Running a Container Without root Privileges

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    - + \ No newline at end of file diff --git a/blogs/2019/10/23/new.html b/blogs/2019/10/23/new.html index 797fa0ca3..c314d1552 100644 --- a/blogs/2019/10/23/new.html +++ b/blogs/2019/10/23/new.html @@ -12,13 +12,13 @@ - +

    PMM Server + podman&#58; Running a Container Without root Privileges

    · One min read

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    - + \ No newline at end of file diff --git a/blogs/2019/10/28/new.html b/blogs/2019/10/28/new.html index 1105cc791..a548cce64 100644 --- a/blogs/2019/10/28/new.html +++ b/blogs/2019/10/28/new.html @@ -12,13 +12,13 @@ - +

    Podman and NFS

    · One min read

    Adrian Reber wrote up a quick post on "Podman and NFS" here. In the article Adrian shows how he extended his HPC environment to us a shared NFS home directory.

    - + \ No newline at end of file diff --git a/blogs/2019/10/28/podman-with-nfs.html b/blogs/2019/10/28/podman-with-nfs.html index a88862c89..3ae70a376 100644 --- a/blogs/2019/10/28/podman-with-nfs.html +++ b/blogs/2019/10/28/podman-with-nfs.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ each host involved in the MPI job the specified container to /tmp/centos/containers.

    This enables me to use Podman in a even more HPC like environment where shared home directories are very common to share input and output data.

    - + \ No newline at end of file diff --git a/blogs/2019/10/29/new.html b/blogs/2019/10/29/new.html index f55d2513c..670cdc0af 100644 --- a/blogs/2019/10/29/new.html +++ b/blogs/2019/10/29/new.html @@ -12,13 +12,13 @@ - +

    First Look&#58; Rootless Containers and cgroup v2 on Fedora 31

    · One min read

    Want to allow your users without privileges to run a container securerly on your host? Then this post: First Look: Rootless Containers and cgroup v2 on Fedora 31 will show you how. It's quick, it's easy, it's secure and it won't even cost $19.99!

    - + \ No newline at end of file diff --git a/blogs/2019/10/29/podman-crun-f31.html b/blogs/2019/10/29/podman-crun-f31.html index bc1060224..6055e9105 100644 --- a/blogs/2019/10/29/podman-crun-f31.html +++ b/blogs/2019/10/29/podman-crun-f31.html @@ -12,13 +12,13 @@ - +

    First Look&#58; Rootless Containers and cgroup v2 on Fedora 31

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    The first bit of the work has to be done as either the root user or someone with root privileges. For this walkthrough I used the root user on the console and the first thing I did was to upgrade my Fedora 30 Virtual Machine (VM) to Fedora 31. If you want to install Fedora 31 directly, the beta version just became available at the time of this writing, you could do that instead. The steps to do the upgrade are:

    # dnf -y upgrade --refresh
    # dnf -y install dnf-plugin-system-upgrade
    # dnf -y system-upgrade download --releasever=31
    # dnf system-upgrade reboot

    After the machine finished rebooting, my VM was running Fedora 31 so now I needed to install Podman with dnf -y install podman. After that completes, verify that you have Podman Version 1.6.2 or higher.

    # podman version
    Version:            1.6.2
    RemoteAPI Version:  1
    Go Version:         go1.13.1
    OS/Arch:            linux/amd64

    Now I’m going to follow the steps in the Basic Setup and Use of Podman in a Rootless environments tutorial to do the configuration necessary to run rootless containers.

    Podman running rootless containers does have a few software dependencies. Most if not all of these should be installed for you on Fedora 31 by default, but just to verify I did:

    # dnf -y install slirp4netns fuse-overlayfs
    Last metadata expiration check: 0:02:26 ago on Sat 14 Sep 2019 07:56:03 PM EDT.
    Package slirp4netns-0.4.0-20.1.dev.gitbbd6f25.fc31.x86_64 is already installed.
    Package fuse-overlayfs-0.6.2-2.git67a4afe.fc31.x86_64 is already installed.
    Dependencies resolved.
    Nothing to do.
    Complete!

    Now the user namespaces need to be setup. Rootless Podman requires the user running it to have a range of UIDs and GIDs listed in the /etc/subuid and /etc/subgid files. These files control which UIDs and GIDs the user is allocated to use on the system. Depending upon how your user was first created, these files may already have entries in them for your user. If so, you don’t need to do anything else. If not, then you can edit either file directly, or you can use useradd to create the user and allocate entries in both files, or you can use the usermod command to allocate them for a preexisting user. In this example usermod has allocated the values from 10000 to 55537 for the local “tom” account to use in our system.

    # usermod -v 10000-65536 -w 10000-65536 tom

    # cat /etc/subuid
    tom:10000:55537

    # cat /etc/subgid
    tom:10000:55537

    If you have multiple users, you’ll need to be sure that the ranges that are assigned to them in either /etc/subuid or /etc/subgid don’t overlap or they could gain control of the other persons containers in that overlap.

    Now we’re done running with a privileged account. From here on out we can run as a non-privileged user, so I next opened up a new terminal and ssh’d into the host using the non-privileged ‘tom’ account:

    $ ssh tom@192.168.122.228
    tom@192.168.122.228's password:

    The first thing to do is to check for the crun command.

    # whereis crun
    crun: /usr/bin/crun /usr/share/man/man1/crun.1.gz

    The crun command is the runtime the allows for cgroup V2 support and is supplied starting with Fedora 31. Other container systems use the runc runtime. However, runc only supports cgroup V1. The cgroup kernel feature allows you to allocate resources such as CPU time, network bandwidth and system memory to a container. Version 1 of cgroup only supports containers that are run by root, while version 2 supports containers that are run by root or a non-privileged user.

    A few tweaks to the ‘tom’ account config files may be needed, in most cases these files will not need tweaking, but let’s verify them. The first up is libpod.conf and to get a default variant of that file, just run podman info first.

    $ podman info
    $ vi .config/containers/libpod.conf

    And if it’s not already set, set the runtime option in libpod.conf to “crun”.

    runtime = "crun"

    Then in .config/containers/storage.conf make sure the mount_program = “/usr/bin/fuse-overlayfs” line is uncommented.

    Just that easy, you’re ready to run Rootless Podman. See I told you I’m not like those other guys! Let’s try setting up a rootless container running httpd. Let’s create this Dockerfile in the local directory:

    $ cat Dockerfile
    FROM registry.access.redhat.com/ubi8/ubi:8.0

    MAINTAINER Podman Mailing List <podman@lists.podman.io>
    ENV DOCROOT=/var/www/html

    RUN yum --disableplugin=subscription-manager --nodocs -y install httpd \
      && yum --disableplugin=subscription-manager clean all \
      && echo "Hello from the httpd-parent container!" > ${DOCROOT}/index.html

    EXPOSE 80

    CMD httpd -D FOREGROUND

    And now build using it:

    $  podman build -t myhttp .
    STEP 1: FROM registry.access.redhat.com/ubi8/ubi:8.0
    Getting image source signatures
    Copying blob 641d7cc5cbc4 done
    Copying blob c65691897a4d done
    Copying config 11f9dba4d1 done
    Writing manifest to image destination
    Storing signatures
    STEP 2: MAINTAINER Podman Mailing List <podman@lists.podman.io>
    bed974e664909b511f14e2cc21a59642c81fd1d958db12d7ef8fdc1e74f3d364
    STEP 3: ENV DOCROOT=/var/www/html
    5eee83e1e640a4aa2c5f39caa11c3a24ec22e37f99633c2ee9912e8f65a5ff81
    STEP 4: RUN yum --disableplugin=subscription-manager --nodocs -y install httpd   && yum --disableplugin=subscription-manager clean all   && echo "Hello from the httpd-parent container!" > ${DOCROOT}/index.html
    Red Hat Universal Base Image 8 (RPMs) - AppStre 1.0 MB/s | 2.3 MB     00:02
    Red Hat Universal Base Image 8 (RPMs) - BaseOS  769 kB/s | 754 kB     00:00
    Dependencies resolved.
    {A number of normal yum output lines removed for brevity}
    Installed:
      httpd-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64
      apr-util-openssl-1.6.1-6.el8.x86_64
      apr-util-bdb-1.6.1-6.el8.x86_64
      apr-1.6.3-9.el8.x86_64
      apr-util-1.6.1-6.el8.x86_64
      httpd-tools-2.4.37-12.module+el8.0.0+4096+eb40e6da.x86_64
      mod_http2-1.11.3-3.module+el8.0.0+4096+eb40e6da.x86_64
      httpd-filesystem-2.4.37-12.module+el8.0.0+4096+eb40e6da.noarch
      mailcap-2.1.48-3.el8.noarch
      redhat-logos-httpd-80.7-1.el8.noarch

    Complete!
    16 files removed
    45fcaaf719615e97190bf38aa9d8d06e5437f0e10741343fd318777647584d6f
    STEP 5: EXPOSE 80
    865abb5a809cb0ffbc63fef2def892595fe54cfeffc67013a0096a5f0fff4b27
    STEP 6: CMD httpd -D FOREGROUND
    STEP 7: COMMIT myhttp
    f8d0bf10faa0460a111283a51d95e94421d1a46a21bca7f6f43a762469504593

    Now to verify the myhttp image has been created:

    $ podman images
    REPOSITORY                            TAG      IMAGE ID       CREATED         SIZE
    localhost/myhttp                      latest   a76baf5989a3   2 minutes ago   236 MB
    registry.access.redhat.com/ubi8/ubi   8.0      11f9dba4d1bc   5 weeks ago     216 MB

    Let’s now run our container and check that the http server is responding:

    $ podman run --detach --name myhttp_ctr localhost/myhttp 30d8b54f63c5d2a8ecbe30b56546082e32e701a87c98df81ee0d2565ed33db72
    $ curl localhost
    curl: (7) Failed to connect to localhost port 80: Connection refused

    But wait! Why did the curl command fail rather than return our index.html output from our webserver? That’s because we’re running a rootless container and the user running this container doesn’t have the privilege to connect to the container host’s port 80 for the webserver. So how can we be certain that the webserver is up and running? First let’s see if the container is up:

    $ podman ps
    CONTAINER ID  IMAGE                    COMMAND               CREATED        STATUS            PORTS  NAMES
    30d8b54f63c5  localhost/myhttp:latest  /bin/sh -c httpd ...  3 minutes ago  Up 3 minutes ago         myhttp_ctr

    The container appears to be up and running. Let’s exec into it and see if we can resolve the web server from inside of the container:

    $ podman exec -it myhttp_ctr /bin/bash
    bash-4.4# curl localhost
    Hello from the httpd-parent container!

    We’ve made contact with our web server from within the container. Granted this is not the most useful example from a real world side of things. However, it does show how a rootless container is able to run while the administrator of the host can build a good secure separation from the rootless container. Rootless containers keep unprivileged users from running or controlling things they should not on the host.

    Setting up a host to run rootless containers using Podman is a relatively painless process. Out of the box the only thing that may need to be done is to add entries in the /etc/subuid and /etc/subgid files for users that will be running containers. That’s it! We did a little more checking on the files above, but that wasn’t required. Once the user has those entries created for them, they can run containers in their own space without controlling things on the host that they should not. It really is just that easy, and best yet, you didn’t even have to stay up late at night so you could call now “For just $19.99 we’ll give you rootless containers and if you sign up now, you can run them safely too!”. Instead, rootless containers are there and ready for your use starting in Podman v1.6.2 right now.

    - + \ No newline at end of file diff --git a/blogs/2019/10/31/cgroupv2.html b/blogs/2019/10/31/cgroupv2.html index 88e86a676..1468010e9 100644 --- a/blogs/2019/10/31/cgroupv2.html +++ b/blogs/2019/10/31/cgroupv2.html @@ -12,13 +12,13 @@ - +

    The current adoption status of cgroup v2 in containers

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    - + \ No newline at end of file diff --git a/blogs/2019/10/31/new.html b/blogs/2019/10/31/new.html index 8d8bf7872..ea8dbf5f9 100644 --- a/blogs/2019/10/31/new.html +++ b/blogs/2019/10/31/new.html @@ -12,13 +12,13 @@ - +

    The current adoption status of cgroup v2 in containers

    · One min read

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    - + \ No newline at end of file diff --git a/blogs/2019/11/05/docker2podman.html b/blogs/2019/11/05/docker2podman.html index 25c13bc43..3770d2c5d 100644 --- a/blogs/2019/11/05/docker2podman.html +++ b/blogs/2019/11/05/docker2podman.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/11/05/new.html b/blogs/2019/11/05/new.html index f933ca75a..8faafc753 100644 --- a/blogs/2019/11/05/new.html +++ b/blogs/2019/11/05/new.html @@ -12,13 +12,13 @@ - +

    Migrating from Docker to Podman

    · One min read

    Elliott Sales de Andrade's post on Quantum Logic, Migrating from Docker to Podman takes a look at his migration from Docker to Podman and a good assessment of where the Podman tool stands in comparison to Docker.

    - + \ No newline at end of file diff --git a/blogs/2019/11/07/basic-security-principles.html b/blogs/2019/11/07/basic-security-principles.html index 09ede14d4..56d790d37 100644 --- a/blogs/2019/11/07/basic-security-principles.html +++ b/blogs/2019/11/07/basic-security-principles.html @@ -12,13 +12,13 @@ - +

    Basic security principles for containers and container runtimes

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/2019/11/07/new.html b/blogs/2019/11/07/new.html index 28d3e99c0..0cd9691b1 100644 --- a/blogs/2019/11/07/new.html +++ b/blogs/2019/11/07/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/11/08/build-ctrs-with-open-tools.html b/blogs/2019/11/08/build-ctrs-with-open-tools.html index 7a08c887a..2f6e8391a 100644 --- a/blogs/2019/11/08/build-ctrs-with-open-tools.html +++ b/blogs/2019/11/08/build-ctrs-with-open-tools.html @@ -12,13 +12,13 @@ - +

    Building freely distributed containers with open tools

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/2019/11/08/new.html b/blogs/2019/11/08/new.html index e8af1bf9e..065f21aa8 100644 --- a/blogs/2019/11/08/new.html +++ b/blogs/2019/11/08/new.html @@ -12,13 +12,13 @@ - +

    Building freely distributed containers with open tools

    · One min read

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/2019/11/12/F31-Control-Group-v2.html b/blogs/2019/11/12/F31-Control-Group-v2.html index 79d5d88b6..b750a859e 100644 --- a/blogs/2019/11/12/F31-Control-Group-v2.html +++ b/blogs/2019/11/12/F31-Control-Group-v2.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/11/12/new.html b/blogs/2019/11/12/new.html index fd16d6460..1518852d3 100644 --- a/blogs/2019/11/12/new.html +++ b/blogs/2019/11/12/new.html @@ -12,13 +12,13 @@ - +

    Fedora 31 and Control Group v2

    · One min read

    Dan Walsh has another blog post on the Red Hat Enable Sysadmin site this time about Fedora 31 and Control Group v2. In the post Dan talks about the new version of control groups that is part of the Fedora 31 release and how it makes containers even more secure.

    - + \ No newline at end of file diff --git a/blogs/2019/11/13/lease-routable-ip-addrs.html b/blogs/2019/11/13/lease-routable-ip-addrs.html index 9280e4742..7c07cd908 100644 --- a/blogs/2019/11/13/lease-routable-ip-addrs.html +++ b/blogs/2019/11/13/lease-routable-ip-addrs.html @@ -12,13 +12,13 @@ - +

    Leasing routable IP addresses with Podman containers

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/2019/11/13/new.html b/blogs/2019/11/13/new.html index ca7900c3d..f53209718 100644 --- a/blogs/2019/11/13/new.html +++ b/blogs/2019/11/13/new.html @@ -12,13 +12,13 @@ - +

    Leasing routable IP addresses with Podman containers

    · One min read

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/2019/11/20/new.html b/blogs/2019/11/20/new.html index af8e390a9..a4bea34e3 100644 --- a/blogs/2019/11/20/new.html +++ b/blogs/2019/11/20/new.html @@ -12,13 +12,13 @@ - +

    How To Install Podman on Debian

    · One min read

    Josphat Mutai posted a blog post on the Computing for Geeks site talking about How To Install Podman on Debian. In the post Josphat walks through all the steps necessary from 'A' to 'Z' to get Podman up and running on Debian and how to do some initial Podman commands.

    - + \ No newline at end of file diff --git a/blogs/2019/11/20/run-podman-on-debian.html b/blogs/2019/11/20/run-podman-on-debian.html index bbb8b99f9..ff1351253 100644 --- a/blogs/2019/11/20/run-podman-on-debian.html +++ b/blogs/2019/11/20/run-podman-on-debian.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/11/26/new.html b/blogs/2019/11/26/new.html index 4b1394c1c..80dafaf21 100644 --- a/blogs/2019/11/26/new.html +++ b/blogs/2019/11/26/new.html @@ -12,13 +12,13 @@ - +

    Rootless Podman and NFS

    · One min read

    Dan Walsh has another blog post on the Red Hat Enable Sysadmin site this time about Rootless Podman and NFS. In the post Dan talks about how you can make some minor configuration changes to allow Podman to use a user's home directory on an NFS share. Give it a read!

    - + \ No newline at end of file diff --git a/blogs/2019/11/26/rootless-podman-and-nfs.html b/blogs/2019/11/26/rootless-podman-and-nfs.html index 6e243504f..3e662ea37 100644 --- a/blogs/2019/11/26/rootless-podman-and-nfs.html +++ b/blogs/2019/11/26/rootless-podman-and-nfs.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2019/12/11/new.html b/blogs/2019/12/11/new.html index 0f0cff707..e2c13b5d5 100644 --- a/blogs/2019/12/11/new.html +++ b/blogs/2019/12/11/new.html @@ -12,13 +12,13 @@ - +

    Understanding root inside and outside a container

    · One min read

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/2019/12/11/understanding-root.html b/blogs/2019/12/11/understanding-root.html index 78deb7e84..8b5d1e6d1 100644 --- a/blogs/2019/12/11/understanding-root.html +++ b/blogs/2019/12/11/understanding-root.html @@ -12,13 +12,13 @@ - +

    Understanding root inside and outside a container

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/2019/12/14/new.html b/blogs/2019/12/14/new.html index 3e5c45f1c..c07bd6495 100644 --- a/blogs/2019/12/14/new.html +++ b/blogs/2019/12/14/new.html @@ -12,13 +12,13 @@ - +

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    · One min read

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang shows you how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    - + \ No newline at end of file diff --git a/blogs/2019/12/14/rhel8-podman.html b/blogs/2019/12/14/rhel8-podman.html index 32c5c8638..a9e24d3a2 100644 --- a/blogs/2019/12/14/rhel8-podman.html +++ b/blogs/2019/12/14/rhel8-podman.html @@ -12,13 +12,13 @@ - +

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    - + \ No newline at end of file diff --git a/blogs/2019/12/17/new.html b/blogs/2019/12/17/new.html index 4d0019ff8..f3839a724 100644 --- a/blogs/2019/12/17/new.html +++ b/blogs/2019/12/17/new.html @@ -12,13 +12,13 @@ - +

    Running containers with Podman and shareable systemd services

    · One min read

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/2019/12/17/podman-systemd-1-7.html b/blogs/2019/12/17/podman-systemd-1-7.html index 180fe0601..14fee21ba 100644 --- a/blogs/2019/12/17/podman-systemd-1-7.html +++ b/blogs/2019/12/17/podman-systemd-1-7.html @@ -12,13 +12,13 @@ - +

    Running containers with Podman and shareable systemd services

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/2020/01/15/bioinformatics-with-rootless-podman.html b/blogs/2020/01/15/bioinformatics-with-rootless-podman.html index 748f833f6..00a078bd4 100644 --- a/blogs/2020/01/15/bioinformatics-with-rootless-podman.html +++ b/blogs/2020/01/15/bioinformatics-with-rootless-podman.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ I found that Podman is very easy to interact with and created a Dockerfile. This is a list of commands in a text file that controls what gets installed. Create a new directory - in this case whatshap, to put the Dockerfile in:

    [nbh23@colombo whatshap]$ cat Dockerfile
    FROM registry.access.redhat.com/ubi8/ubi
    RUN yum -y update \
    && yum -y install python3 \
    && yum -y install make \
    && yum -y install gcc \
    && yum -y install redhat-rpm-config \
    && yum -y install zlib-devel \
    && yum -y install bzip2-devel \
    && yum -y install xz-devel \
    && yum -y install python3-devel \
    && yum clean all
    RUN pip3 install pysam && pip3 install whatshap

    Then we build the container image - from within the whatshap directory run:

    podman build -t whatshap .

    Notice the '.' at the end, that's important!

    You'll see the container image start to build, with notifications of where it's at. If all goes to plan you will then finally see notification that it's completed:

    STEP 4: COMMIT whatshap
    d523727fc6c297086e84e7ec99f62e8f5e6d093d9decb1b58ee8a4205d46b3dd

    We can then check it works:

    [nbh23@colombo whatshap]$ podman run -it whatshap
    [root@ac05564bd51b /]# whatshap -h
    usage: whatshap [-h] [--version] [--debug]
                    {phase,stats,compare,hapcut2vcf,unphase,haplotag,genotype} ...

    positional arguments:
      {phase,stats,compare,hapcut2vcf,unphase,haplotag,genotype}
        phase               Phase variants in a VCF with the WhatsHap algorithm
        stats               Print phasing statistics of a single VCF file
        compare             Compare two or more phasings
        hapcut2vcf          Convert hapCUT output format to VCF
        unphase             Remove phasing information from a VCF file
        haplotag            Tag reads by haplotype
        genotype            Genotype variants

    optional arguments:
      -h, --help            show this help message and exit
      --version             show program's version number and exit
      --debug               Print debug messages
    [root@ac05564bd51b /]#

    Which all looks good - we now have our container image and can re-run that to do our whatshap analysis.

    All well and good, but what happens about storage of that analysis?

    We can add that to our Podman command, if we have a directory called data in /home we can map that as follows:

    podman run -v /home/nbh23/data:/home/nbh23:z -it whatshap

    The nice thing is that the UID and GID for files created this way all match up. The trailing :z makes selinux happy :-)

    [nbh23@colombo whatshap]$ podman run -v /home/nbh23/data:/home/nbh23:z -it whatshap
    [root@fef561d523b8 /]# ls
    bin  boot  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
    [root@fef561d523b8 /]# cd /home
    [root@fef561d523b8 home]# ls
    nbh23
    [root@fef561d523b8 home]# cd nbh23
    [root@fef561d523b8 nbh23]# touch testfile
    [root@fef561d523b8 nbh23]# ls -la
    total 0
    drwxrwxr-x. 2 root root 22 Jan 21 09:09 .
    drwxr-xr-x. 3 root root 19 Jan 21 09:09 ..
    -rw-r--r--. 1 root root  0 Jan 21 09:09 testfile
    [root@fef561d523b8 nbh23]# exit
    [nbh23@colombo ~]$ ls
    Containers  data  Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
    [nbh23@colombo ~]$ cd data
    [nbh23@colombo data]$ ls -la
    total 4
    drwxrwxr-x.  2 nbh23 nbh23   22 Jan 21 09:09 .
    drwx------. 17 nbh23 nbh23 4096 Jan 21 09:07 ..
    -rw-r--r--.  1 nbh23 nbh23    0 Jan 21 09:09 testfile
    [nbh23@colombo data]$

    One of the things I discovered whilst creating a more complex container image was that you can start the existing image into a bash session, doing the manipulation that you require, and then use the Podman commit command to write those changes. For example using our whatshap container image we can run it as follows:

    [nbh23@colombo data]$ podman run -it whatshap bash
    [root@73c4742e4724 /]#

    We can then make our alterations, and from another session commit those changes:

    [nbh23@colombo ~]$ podman commit 73c4742e4724 whatshap-altered
    Getting image source signatures
    Copying blob c630f5c3e169 skipped: already exists
    Copying blob 4bd7408cc1c8 skipped: already exists
    Copying blob 1383f0e3c813 skipped: already exists
    Copying blob a2ff5e229058 skipped: already exists
    Copying blob b75bf3e68dab done
    Copying config 931b7f5302 done
    Writing manifest to image destination
    Storing signatures
    931b7f5302af9965bff14e460c19ff9e756d74095940c6d85e63f929006c35f0
    [nbh23@colombo ~]$

    Then do podman image list to see what we have:

    [nbh23@colombo ~]$ podman image list
    REPOSITORY                            TAG      IMAGE ID       CREATED              SIZE
    localhost/whatshap-altered            latest   931b7f5302af   About a minute ago   545 MB
    localhost/whatshap                    latest   d523727fc6c2   3 days ago           545 MB
    registry.access.redhat.com/ubi8/ubi   latest   096cae65a207   5 weeks ago          239
    [nbh23@colombo ~]$

    You can make multiple changes to your original container image until you are satisfied that it's working as you'd like.

    This has covered command line container image creation and usage, I'll be creating another blog post detailing graphical interactive containers as i'm aware that there are various interactive visual programs to cover too.

    Feel free to contact me with any ideas or suggestions / questions.

    - + \ No newline at end of file diff --git a/blogs/2020/01/15/new.html b/blogs/2020/01/15/new.html index 3045d8129..b1148f32b 100644 --- a/blogs/2020/01/15/new.html +++ b/blogs/2020/01/15/new.html @@ -12,13 +12,13 @@ - +

    Bioinformatics and rootless containers with Podman

    · One min read

    Bryan Hepworth demonstrating how to create a rootless container image for a Bioinformatics program here.

    - + \ No newline at end of file diff --git a/blogs/2020/01/17/new.html b/blogs/2020/01/17/new.html index 4fb96e802..69c338581 100644 --- a/blogs/2020/01/17/new.html +++ b/blogs/2020/01/17/new.html @@ -12,13 +12,13 @@ - +

    New API coming for Podman

    · One min read

    The new API for Podman, referred to as apiv2, has been merged into the libpod repository. It's a simpler REST API that's more compatible with Docker implementations than the varlink protocol that's currently in use. For more details, see this release announcement by Brent Baude.

    - + \ No newline at end of file diff --git a/blogs/2020/01/17/podman-new-api.html b/blogs/2020/01/17/podman-new-api.html index 680b54e14..5cbd2554a 100644 --- a/blogs/2020/01/17/podman-new-api.html +++ b/blogs/2020/01/17/podman-new-api.html @@ -12,13 +12,13 @@ - +

    New API coming for Podman

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    The new API is a simpler implementation based on HTTP/REST. We provide two basic groups of endpoints. The first one is for libpod; the second is for Docker compatibility, to ease adoption. The two endpoints are namespaced to keep them separate. Our goal with implementing a portion of the Docker API, is to be as compatible as possible; while similar calls in the libpod API might bring back additional libpod specific information.

    While these two endpoints work similarly, there are important and somewhat nuanced differences. The Docker API endpoint is useful for existing automation tied to that API and potentially tools like docker-compose.

    Example

    If you wanted a list of images with the libpod endpoint, you would use the following endpoint:

    <endpoint_base_url>/libpod/images/json

    And if you wanted a list of images but in docker-compatibility, you would use:

    <endpoint_base_url>/images/json

    In our proof of concepts, we have tested our endpoint with the docker-py project. There are of course subtle differences which we are still working on. And there are compatibility endpoints that we can not support like swarm which Podman does not support.

    We are working on a set of Golang bindings for the libpod endpoints. Eventually these bindings will be used to rewire our remote client. The rewire begins after all the libpod endpoints are working and have tests. We plan on working with the upstream community on podman-python support for the new libpod API, enabling python developers fully support for using podman containers.

    As for the existing varlink code, it has been in maintenance mode already. We will continue to address bugs but no new functionality will be developed. Once the new API is fully implemented, we plan to make a deprecation announcement.

    We are hopeful these changes help our users and larger community. We hope that the new API helps encourage contributors to help us complete the API as well as write bindings. Look for more information in the near future including status updates as well as how-tos.

    - + \ No newline at end of file diff --git a/blogs/2020/01/22/blog-posts.html b/blogs/2020/01/22/blog-posts.html index de6124fd4..f27d36ede 100644 --- a/blogs/2020/01/22/blog-posts.html +++ b/blogs/2020/01/22/blog-posts.html @@ -12,13 +12,13 @@ - +

    Blog posts from the Web

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    - + \ No newline at end of file diff --git a/blogs/2020/01/22/new.html b/blogs/2020/01/22/new.html index 8dbe92abd..92458765b 100644 --- a/blogs/2020/01/22/new.html +++ b/blogs/2020/01/22/new.html @@ -12,13 +12,13 @@ - +

    Blog posts from the Web

    · One min read

    A number of blog posts were posted over the past month and given the holiday crunch, we didn't get them listed on the site. So as a catch up, checkout the Blog posts on the Web blog which has a number of links on it to those great articles and videos.

    - + \ No newline at end of file diff --git a/blogs/2020/01/30/new.html b/blogs/2020/01/30/new.html index 328821f49..5a71712d4 100644 --- a/blogs/2020/01/30/new.html +++ b/blogs/2020/01/30/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/01/30/podman-wsl.html b/blogs/2020/01/30/podman-wsl.html index f1c2d05f4..e5448cf0c 100644 --- a/blogs/2020/01/30/podman-wsl.html +++ b/blogs/2020/01/30/podman-wsl.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/02/06/deploy-pod-on-centos.html b/blogs/2020/02/06/deploy-pod-on-centos.html index 48a9defa5..139f954d3 100644 --- a/blogs/2020/02/06/deploy-pod-on-centos.html +++ b/blogs/2020/02/06/deploy-pod-on-centos.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/02/06/new.html b/blogs/2020/02/06/new.html index 29bac923f..57735352d 100644 --- a/blogs/2020/02/06/new.html +++ b/blogs/2020/02/06/new.html @@ -12,13 +12,13 @@ - +

    Deploy a Pod on CentOS with Podman

    · One min read

    Jack Wallen has a blog post on the THENEWSTACK site with a great introduction on how to Deploy a Pod on CentOS with Podman. In the post, Jack talks about how Podman fits in the Red Hat ecosystem and then walks you through the fundamentals of creating and running a pod using Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/02/07/new.html b/blogs/2020/02/07/new.html index 7a7be39cd..60f16125e 100644 --- a/blogs/2020/02/07/new.html +++ b/blogs/2020/02/07/new.html @@ -12,13 +12,13 @@ - +

    6 guides on making containers secure

    · One min read

    Dan Walsh has another blog post on the Red Hat Enable Sysadmin site this time he's writing about 6 guides on making containers secure. It's a quick article with pointers to other blog posts showing how to secure your containers.

    - + \ No newline at end of file diff --git a/blogs/2020/02/07/secure-containers.html b/blogs/2020/02/07/secure-containers.html index c4f602882..5c5fcf55b 100644 --- a/blogs/2020/02/07/secure-containers.html +++ b/blogs/2020/02/07/secure-containers.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/03/02/building-with-podman-and-buildah.html b/blogs/2020/03/02/building-with-podman-and-buildah.html index 28e651074..14dabf761 100644 --- a/blogs/2020/03/02/building-with-podman-and-buildah.html +++ b/blogs/2020/03/02/building-with-podman-and-buildah.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/03/02/new.html b/blogs/2020/03/02/new.html index 61fd414af..df5b0ae0c 100644 --- a/blogs/2020/03/02/new.html +++ b/blogs/2020/03/02/new.html @@ -12,13 +12,13 @@ - +

    Building Container Images with Podman and Buildah

    · One min read

    We were just pointed to this post Building Container Images with Podman and Buildah by Puja Abbassi on the Giant Swarm site. In the article Puja goes over how Podman and Buildah handle daemonless and rootless building processes. A tardy link on this site, but worth a read!

    - + \ No newline at end of file diff --git a/blogs/2020/03/03/behind-the-covers.html b/blogs/2020/03/03/behind-the-covers.html index 40e974732..4bd755d1d 100644 --- a/blogs/2020/03/03/behind-the-covers.html +++ b/blogs/2020/03/03/behind-the-covers.html @@ -12,13 +12,13 @@ - +

    What happens behind the scenes of a rootless Podman container?

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/2020/03/03/new.html b/blogs/2020/03/03/new.html index 68c844e79..91f41cfe8 100644 --- a/blogs/2020/03/03/new.html +++ b/blogs/2020/03/03/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/03/13/image-signing.html b/blogs/2020/03/13/image-signing.html index 9f9cfe5b9..07746373b 100644 --- a/blogs/2020/03/13/image-signing.html +++ b/blogs/2020/03/13/image-signing.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/2020/03/31/build-pull-options.html b/blogs/2020/03/31/build-pull-options.html index eb8ff755a..657471a33 100644 --- a/blogs/2020/03/31/build-pull-options.html +++ b/blogs/2020/03/31/build-pull-options.html @@ -12,13 +12,13 @@ - +

    Pulling podman images from a container repository

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    - + \ No newline at end of file diff --git a/blogs/2020/03/31/new.html b/blogs/2020/03/31/new.html index 8c8dc62c1..eeb7165fa 100644 --- a/blogs/2020/03/31/new.html +++ b/blogs/2020/03/31/new.html @@ -12,13 +12,13 @@ - +

    Pulling podman images from a container repository

    · One min read

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    - + \ No newline at end of file diff --git a/blogs/2020/04/04/convert-docker-compose-to-pods.html b/blogs/2020/04/04/convert-docker-compose-to-pods.html index 76f1610eb..79a9643f0 100644 --- a/blogs/2020/04/04/convert-docker-compose-to-pods.html +++ b/blogs/2020/04/04/convert-docker-compose-to-pods.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/04/04/new.html b/blogs/2020/04/04/new.html index 819a44707..76270eca7 100644 --- a/blogs/2020/04/04/new.html +++ b/blogs/2020/04/04/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html b/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html index 6bd124b47..22304a04f 100644 --- a/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html +++ b/blogs/2020/04/05/managing-podman-pods-with-pods-compose.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/04/05/new.html b/blogs/2020/04/05/new.html index ecb1aa9ea..54bf66db2 100644 --- a/blogs/2020/04/05/new.html +++ b/blogs/2020/04/05/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/04/14/new.html b/blogs/2020/04/14/new.html index a049ae107..2175fbafe 100644 --- a/blogs/2020/04/14/new.html +++ b/blogs/2020/04/14/new.html @@ -12,13 +12,13 @@ - +

    Dockerless&#58; Build and Run Containers with Podman and systemd

    · One min read

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd. We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker. Watch now.

    - + \ No newline at end of file diff --git a/blogs/2020/04/14/podman-systemd.html b/blogs/2020/04/14/podman-systemd.html index 95d81700a..a0721f430 100644 --- a/blogs/2020/04/14/podman-systemd.html +++ b/blogs/2020/04/14/podman-systemd.html @@ -12,13 +12,13 @@ - +

    Dockerless&#58; Build and Run Containers with Podman and systemd

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2020/04/16/new.html b/blogs/2020/04/16/new.html index 6e9c14d2b..3d6bec77e 100644 --- a/blogs/2020/04/16/new.html +++ b/blogs/2020/04/16/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/04/16/podman-v2-announce.html b/blogs/2020/04/16/podman-v2-announce.html index 43f0d3b4e..e579d44cd 100644 --- a/blogs/2020/04/16/podman-v2-announce.html +++ b/blogs/2020/04/16/podman-v2-announce.html @@ -12,7 +12,7 @@ - + @@ -39,7 +39,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/2020/04/17/new.html b/blogs/2020/04/17/new.html index de12be0d7..e7f54df59 100644 --- a/blogs/2020/04/17/new.html +++ b/blogs/2020/04/17/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/05/06/new.html b/blogs/2020/05/06/new.html index 0f06ce26f..357378822 100644 --- a/blogs/2020/05/06/new.html +++ b/blogs/2020/05/06/new.html @@ -12,13 +12,13 @@ - +

    Podman installation documentation in French

    · One min read

    Est-ce que tu parles français? Le mien est horrible. But if your abilities to read and speak French is better than mine, check out this website that I was just pointed to. Installation podman sur CentOS 8 by Bilal Kalem shows you how to install Podman on Centos 8. If nothing else, check out the graphic at the top of the page!

    - + \ No newline at end of file diff --git a/blogs/2020/05/06/podman-in-french.html b/blogs/2020/05/06/podman-in-french.html index 1c699fcfe..04aea8824 100644 --- a/blogs/2020/05/06/podman-in-french.html +++ b/blogs/2020/05/06/podman-in-french.html @@ -12,13 +12,13 @@ - +

    Podman installation documentation in French

    · One min read

    podman logo

    Podman installation documentation in French

    Est-ce que tu parles français? Le mien est horrible. But if your abilities to read and speak French is better than mine, check out this website that I was just pointed to. Installation podman sur CentOS 8 by Bilal Kalem shows you how to install Podman on Centos 8. If nothing else, check out the graphic at the top of the page!

    - + \ No newline at end of file diff --git a/blogs/2020/05/13/new.html b/blogs/2020/05/13/new.html index 34c689ccb..bad948a6b 100644 --- a/blogs/2020/05/13/new.html +++ b/blogs/2020/05/13/new.html @@ -12,13 +12,13 @@ - +

    Update on Podman v2

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/05/13/podman-v2-update.html b/blogs/2020/05/13/podman-v2-update.html index de4388d97..bf9ef2b9c 100644 --- a/blogs/2020/05/13/podman-v2-update.html +++ b/blogs/2020/05/13/podman-v2-update.html @@ -12,13 +12,13 @@ - +

    Update on Podman v2

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/2020/06/29/new.html b/blogs/2020/06/29/new.html index 2afe723e0..e07cf9f01 100644 --- a/blogs/2020/06/29/new.html +++ b/blogs/2020/06/29/new.html @@ -12,14 +12,14 @@ - +

    Announcing Podman v2.0

    · One min read

    Announcing Podman v2.0!

    Podman v2.0 is here! Brent Baude talks about the major highlights of the new release, including the new RESTful API, remote client improvements, Auto-update functionality and systemd integration improvements. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/2020/06/29/podman-v2-announce.html b/blogs/2020/06/29/podman-v2-announce.html index f3d099d36..4b951d14a 100644 --- a/blogs/2020/06/29/podman-v2-announce.html +++ b/blogs/2020/06/29/podman-v2-announce.html @@ -12,13 +12,13 @@ - +

    Announcing Podman v2.0

    · 4 min read

    podman logo

    Announcing Podman v2

    By Brent Baude GitHub

    If you have been following the upstream development of Podman, you have undoubtedly seen us refer to “2.0” or “Podman 2”. Today, we have made the first release of Podman 2 upstream. The release notes highlight many of the newest features but we wanted to call out some specific things in this blog and expand on them.

    “Pay no attention to the man behind the curtain”

    Most of the changes to the new Podman should be transparent to end users. We did a significant amount of replumbing in our internals to allow for future enhancements and more closely align many of the code paths. There are some subtle changes to the outputs of some commands and fields within JSON formatted responses. They were largely done to create more consistency amongst our commands as well as driven by user feedback.

    RESTful API

    The biggest change in Podman 2 is our introduction of a RESTful API to interact with our libraries. In actuality, the RESTful service was present in earlier versions but was tagged experimental. We have also deprecated the previous API implementation based on varlink. We will publish more specific blogs and tutorials on how to use the API but consider this a little introduction.

    The API was designed to have two layers: libpod and compatibility. The libpod layer allows you to interact directly with the libpod libraries. The compatibility layer is designed to emulate the Docker RESTful API to assist in migration of tools, applications, and services long-term to libpod. This can be made clearer with an example. Consider inspecting a container called ‘foobar’ with each layer. The endpoint paths would differ depending on the layers.

    /v1.24/containers/foobar   ← compatibility call
    /v1.0/libpod/containers/foobar  ← libpod call

    Furthermore, the results of each call will differ. The compatibility result will closely emulate the response from Docker.

    Our preference is that people writing new code to interact with Podman should use the libpod layer only. This is a more sound long term strategy. But for people that need to migrate to Podman, the compatibility layer allows for a quick on-boarding. There are of course Docker endpoints we cannot or choose not to emulate due to incompatibities between Docker and Podman. Nevertheless, we have already seen some field success in migration of applications.

    In keeping with Podman’s history the restful API will work in both rootless and rootful mode. If you run in rootful mode, the podman service will listen on /run/podman/podman.sock and rootless is $XDG_RUNTIME_DIR/podman/podman.sock (for example: /run/user/1000/podman/podman.sock). If you install the podman-docker package, the package will set up a link between run/docker/docker.sock and /run/podman/podman.sock.

    Remote clients

    One of the consequences of our re-plumbing work is that our remote clients for Windows, Mac, and Linux are significantly smaller in size. The interface for the remote client connection has also changed to more of a URI format. As a matter of process, we attach a binary version of the remote clients to each release.

    It is also worth noting that a ‘--remote’ flag has been added to the Podman binary to allow it to act as a remote client.

    Auto-update

    The podman auto-update command allows for updating systemd-managed running containers when their images have been updated on the container registry. While it is still a tech preview in Podman v2.0, we added a number of improvements to better support authentication and to select the correct images on ARM. If you’re interested in auto updates, please check them out and let us know what you think.

    systemd Integration Improvements

    A major improvement for Podman’s systemd support is that podman generate systemd now supports using the --new flag on pods. This allows for creating shareable systemd units not only for containers but also for pods. Additionally, we added a number of changes to make the systemd units more robust and reliable, such as cleanly starting after a system crash and clean shutdowns even when conmon has been killed. The names of generated files can further be altered with the new --container-prefix and --pod-prefix flags.

    Conclusion

    This is a major new version of Podman with the goal to support all of your local container engine needs. We sincerely hope that the new features meet your needs. We continue to develop new content based on the API including new bits to the API itself. Before making too many more changes, we will let Podman “bake” for a while before the next radical functions are added.

    We would love to hear your feedback and look forward to working with the community on giving Podman users and developers the best container experience. Remember upstream Podman development usually hangs out on #podman on Freenode and on the Podman mailing list.

    - + \ No newline at end of file diff --git a/blogs/2020/07/01/new.html b/blogs/2020/07/01/new.html index dbd52a233..480d25ccc 100644 --- a/blogs/2020/07/01/new.html +++ b/blogs/2020/07/01/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/01/rest-versioning.html b/blogs/2020/07/01/rest-versioning.html index bf7832f3e..f28cd79b6 100644 --- a/blogs/2020/07/01/rest-versioning.html +++ b/blogs/2020/07/01/rest-versioning.html @@ -12,13 +12,13 @@ - +

    Podman REST API and Docker compatibility

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    When we developed the compatibility API layer, we targeted the latest released version of the Docker API, v1.40. Within this version, we aimed to implement all endpoints, with the exception of those used for Swarm(1). Podman is not a tool for managing clusters, and does not intend to become one. We recognize that many existing tools do not target this specific Docker API version, and these are occasionally breaking changes in the Docker API that may make using the newest API impossible. The core Podman team cannot commit to being bug-for-bug compatible with every version of the Docker API. The Podman team commits to fixing bugs related to the latest version of Docker API. We may fix bugs with older versions that affect many users. As a community project, we gladly accept help here - if you find bugs that prevent Podman from working with a specific API version you use and are willing to fix them, we’re always happy to accept patches!

    We’re very excited by the possibilities the new Podman API offers, and encourage everyone to try it out. Question and bug reports are always welcome at our Github page or our email list.

    1. The Podman team believes the best tool for container orchestration is Kubernetes. The podman generate kube and podman play kube ease developer transitioning from single node containers/pods to full Kubernetes workloads.
    - + \ No newline at end of file diff --git a/blogs/2020/07/07/new.html b/blogs/2020/07/07/new.html index bb7a71b07..3429afea2 100644 --- a/blogs/2020/07/07/new.html +++ b/blogs/2020/07/07/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/07/repo-rename.html b/blogs/2020/07/07/repo-rename.html index a69ee49c8..ff3018a3b 100644 --- a/blogs/2020/07/07/repo-rename.html +++ b/blogs/2020/07/07/repo-rename.html @@ -12,13 +12,13 @@ - +

    The Podman repository has been renamed

    · 2 min read

    podman logo

    The Podman repository has been renamed

    By Matthew Heon GitHub

    The Podman repository on Github is moving from github.com/containers/libpod to github.com/containers/podman! Read on to find out why, and how it will affect you.

    Three years ago, we created a new Git repository to hold our new container-management tool and the library it was based on. At the time, Podman was not named Podman, but kpod - a name no one on the team liked, and one we’d hoped to replace quickly. Given this, we decided to name the repository after the library we’d written to manage containers - libpod. Four months after that, we made the first public release of the tool, and with it came a new name - Podman (POD MANager). The rest is, as they say, history. The Podman team is incredibly grateful for the success we’ve seen since then, and the way that the community has grown.

    With the release of Podman 2.0, we decided it was a good time to for the rename our repository to better match how it’s used today. We’ve decided to rename our Github repository from containers/libpod to containers/podman. The libpod name made sense when we first made the repository, but it hasn’t been the focus of development for some time. We’ve actually been considering moving the libpod library into a separate repository, to make it easier to include in our other tools (and it would be very confusing for containers/libpod to not include libpod!). Given this, and the fact that there are far more users of Podman the tool than libpod the library, renaming the repository makes a great deal of sense.

    Finally, this rename helps make the repository more discoverable - it’s hard for a new Podman user to know that issues should be filed against containers/libpod since they probably don’t know what libpod is.

    We don’t expect this move will break anyone’s workflow. Github will ensure that the old URLs redirect to the new location, so access to the repo itself, as well as our issues and pull requests, should be unaffected.

    - + \ No newline at end of file diff --git a/blogs/2020/07/16/new.html b/blogs/2020/07/16/new.html index a14ac4a2a..7c7557e84 100644 --- a/blogs/2020/07/16/new.html +++ b/blogs/2020/07/16/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/16/podman-and-cron.html b/blogs/2020/07/16/podman-and-cron.html index eb5e83fe9..597542492 100644 --- a/blogs/2020/07/16/podman-and-cron.html +++ b/blogs/2020/07/16/podman-and-cron.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/17/additional-image-stores.html b/blogs/2020/07/17/additional-image-stores.html index eaaab63d6..5c9d447b6 100644 --- a/blogs/2020/07/17/additional-image-stores.html +++ b/blogs/2020/07/17/additional-image-stores.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/17/new.html b/blogs/2020/07/17/new.html index 772888208..a0c279d43 100644 --- a/blogs/2020/07/17/new.html +++ b/blogs/2020/07/17/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/18/new.html b/blogs/2020/07/18/new.html index f3f7e6fd7..a2c56fb2b 100644 --- a/blogs/2020/07/18/new.html +++ b/blogs/2020/07/18/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/07/18/speed-up-build-with-overlayfs.html b/blogs/2020/07/18/speed-up-build-with-overlayfs.html index f821a78e7..69b41e3ec 100644 --- a/blogs/2020/07/18/speed-up-build-with-overlayfs.html +++ b/blogs/2020/07/18/speed-up-build-with-overlayfs.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html b/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html index 20f32061e..f3523d5c0 100644 --- a/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html +++ b/blogs/2020/08/01/deprecate-and-remove-varlink-notice.html @@ -12,13 +12,13 @@ - +

    Podman API v1.0 Deprecation and Removal Notice

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    This new Podman v2.0 RESTful API was released along with Podman v2.0 in June of 2020 and replaces the Podman API v1.0. As of that time the Podman API v1.0 for Podman is considered to be deprecated. If there are issues with the Podman API v1.0 in versions of Podman prior to v2.0 and those versions are still under support on Red Hat Enterprise Linux (RHEL), the Podman team will make a best effort to address those issues. However, no new feature requests for the API v1.0 will be considered and any problems found with the API v1.0 in Podman v2.0 will not be addressed.

    The new Podman v2.0 RESTful API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. The new API works in both a rootful and a rootless environment. It is a much more flexible solution and Podman will not have a dependency on another project in order to supply an API. For more information on the Podman v2.0 RESTful API please see articles on the podman.io site and also the documentation for the Podman v2.0 RESTful API here.

    Distributions have to support services for the length of their support agreements. The Podman development team wants to be free to update the version of Podman during this support cycle. Therefore, we are planning to drop support for Podman API v1.0 from distributions Red Hat is the packagers for. The version of Podman, 2.*, which is contained in Fedora 33, scheduled to be released around Oct 31, 2020, will ship with no varlink support. We also plan to drop support from the RHEL8.4 release, spring 2021. Other distributions like OpenSUSE have already disabled varlink support and we have heard that other distributions will follow suit.

    This also serves as a notification that the Podman v1.0 (varlink) API will be removed from the main GitHub branch of Podman in the near future. With the release of Podman v2.0 the Podman developers deprecated the Podman API v1.0 in favor of the new Podman v2.0 RESTful API. The plan is to remove varlink completely from the Podman v3.0 development branch which will be created some time after September 2020. A 30 day notification of the final removal date will be posted on the podman.io site and also on the Podman mailing list, along with social media once it is definitively determined.

    If you have any questions or concerns about this notification, please send a note to the Podman mailing list or create an issue on Podman’s GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/08/01/new.html b/blogs/2020/08/01/new.html index bb7543f0d..f97eebe3e 100644 --- a/blogs/2020/08/01/new.html +++ b/blogs/2020/08/01/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/02/new.html b/blogs/2020/08/02/new.html index ba7b58d14..81b8904c0 100644 --- a/blogs/2020/08/02/new.html +++ b/blogs/2020/08/02/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/02/systemd-integration-v2.html b/blogs/2020/08/02/systemd-integration-v2.html index 8e2fe17a2..a29498e95 100644 --- a/blogs/2020/08/02/systemd-integration-v2.html +++ b/blogs/2020/08/02/systemd-integration-v2.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/10/new.html b/blogs/2020/08/10/new.html index 56e6f9dee..de3d72a4b 100644 --- a/blogs/2020/08/10/new.html +++ b/blogs/2020/08/10/new.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ direct route to a production ready application. More details from Lokesh Mandvekar and Parker Van Roy in this post.

    - + \ No newline at end of file diff --git a/blogs/2020/08/10/podman-go-bindings.html b/blogs/2020/08/10/podman-go-bindings.html index 8020ebd58..03cad8306 100644 --- a/blogs/2020/08/10/podman-go-bindings.html +++ b/blogs/2020/08/10/podman-go-bindings.html @@ -12,7 +12,7 @@ - + @@ -71,7 +71,7 @@ It also includes a section on the RESTful API.

    Contribute

    Acknowledgments

    • This blog post was co-authored by Parker Van Roy, currently interning at Red Hat for summer 2020.

    • Thanks to Brent Baude for the initial blog post suggestion and reviews.

    • Thanks to Tom Sweeney, Valentin Rothberg, Dan Walsh and the entire Podman team for their reviews and insightful comments.

    - + \ No newline at end of file diff --git a/blogs/2020/08/11/migrate-from-docker-compose.html b/blogs/2020/08/11/migrate-from-docker-compose.html index 59891fbd2..2d6fc2128 100644 --- a/blogs/2020/08/11/migrate-from-docker-compose.html +++ b/blogs/2020/08/11/migrate-from-docker-compose.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/11/new.html b/blogs/2020/08/11/new.html index 6ee070cf7..19bd78577 100644 --- a/blogs/2020/08/11/new.html +++ b/blogs/2020/08/11/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/13/new.html b/blogs/2020/08/13/new.html index 67d80da20..3a338dea1 100644 --- a/blogs/2020/08/13/new.html +++ b/blogs/2020/08/13/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/08/13/walk-through.html b/blogs/2020/08/13/walk-through.html index d110807bc..711523c56 100644 --- a/blogs/2020/08/13/walk-through.html +++ b/blogs/2020/08/13/walk-through.html @@ -12,13 +12,13 @@ - +

    Learning Red Hat's Podman (docker), Buildah, Skopeo and Quay.io

    · One min read

    podman logo

    Learning Red Hat's Podman (docker), Buildah, Skopeo and Quay.io

    By Tom Sweeney GitHub

    Four engineers at IBM and Red Hat, JJ Asghar, Brian Tannous, Jason Dobies and Cedric Clyburn spent some time in a stream learning about Podman, Buildah, Skopeo from the ground up in this video blog post. Check out the video to get a great introduction to the tools.

    - + \ No newline at end of file diff --git a/blogs/2020/08/17/work-the-problems.html b/blogs/2020/08/17/work-the-problems.html index 85c5ac18d..8e9915bab 100644 --- a/blogs/2020/08/17/work-the-problems.html +++ b/blogs/2020/08/17/work-the-problems.html @@ -12,13 +12,13 @@ - +

    Podman Troubleshooting Guide

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    That's been a helpful creed for me and it's also helpful for the Podman world too. Many times the community spends a fair amount of effort answering issues and questions either in GitHub's issues or in the Podman Mailing List. That's really great, but sometimes the discussion finds that the problem is concerning an issue that is on the Podman Troubleshooting Guide. This page might be one of the least visited pages on the site, yet the most helpful, especially for people who are new to the Podman project.

    The page contains a number of common issues and solutions for Podman. It can help people who are running into issues find out if the issue has been encountered before. Some of the more common ones are issues with mounts and selinux, rootless containers not being able to ping the host, rootless containers exiting with the user, and more. A lot of the items of the page are not really issues with the Podman software, but rather that required configuration steps for use cases were not completed. Along with the problem and typical error responses on this page, each one has a solution section that will walk you through the steps needed to correct the problem. As common problems are encountered along the way, the community is encouraged to add them to the troubleshooting page, keeping it a fresh source of information.

    Hopefully this post will help users of Podman find and discover solutions to their problems more easily in the Podman Troubleshooting Guide. Just as importantly, it will act as a reminder for those in the community who are familiar with the page to consider adding problems and solutions that they may encounter. As we move forward, effective use of this page will help us prove Gene Kranz right in the Podman universe, "Failure is not an option".

    - + \ No newline at end of file diff --git a/blogs/2020/08/21/new.html b/blogs/2020/08/21/new.html index 595731328..e7acddf16 100644 --- a/blogs/2020/08/21/new.html +++ b/blogs/2020/08/21/new.html @@ -12,13 +12,13 @@ - +

    Container video series&#58; Rootless containers, process separation, and OpenSCAP

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/08/21/rootless-separation-openscap.html b/blogs/2020/08/21/rootless-separation-openscap.html index 9a8d3173f..6c997f925 100644 --- a/blogs/2020/08/21/rootless-separation-openscap.html +++ b/blogs/2020/08/21/rootless-separation-openscap.html @@ -12,13 +12,13 @@ - +

    Container video series&#58; Rootless containers, process separation, and OpenSCAP

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/2020/08/24/container-time.html b/blogs/2020/08/24/container-time.html index 362df008d..3c92bb87a 100644 --- a/blogs/2020/08/24/container-time.html +++ b/blogs/2020/08/24/container-time.html @@ -12,13 +12,13 @@ - +

    Tick-tock. Does your container know what time it is?

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/2020/08/24/new.html b/blogs/2020/08/24/new.html index 187555451..6562d553f 100644 --- a/blogs/2020/08/24/new.html +++ b/blogs/2020/08/24/new.html @@ -12,13 +12,13 @@ - +

    Tick-tock. Does your container know what time it is?

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/2020/08/31/new.html b/blogs/2020/08/31/new.html index f48bd78c4..2a3d41cf5 100644 --- a/blogs/2020/08/31/new.html +++ b/blogs/2020/08/31/new.html @@ -12,13 +12,13 @@ - +

    The podman play kube command now supports deployments

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/2020/08/31/podman-and-kubernetes.html b/blogs/2020/08/31/podman-and-kubernetes.html index d1ed54c7d..9bcc877c0 100644 --- a/blogs/2020/08/31/podman-and-kubernetes.html +++ b/blogs/2020/08/31/podman-and-kubernetes.html @@ -12,13 +12,13 @@ - +

    The podman play kube command now supports deployments

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/2020/09/02/new.html b/blogs/2020/09/02/new.html index 319f9c6ec..179932dd3 100644 --- a/blogs/2020/09/02/new.html +++ b/blogs/2020/09/02/new.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/2020/09/02/running_windows_or_mac.html b/blogs/2020/09/02/running_windows_or_mac.html index 660b3b914..2b527d455 100644 --- a/blogs/2020/09/02/running_windows_or_mac.html +++ b/blogs/2020/09/02/running_windows_or_mac.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/2020/09/18/multi-blog-posts.html b/blogs/2020/09/18/multi-blog-posts.html index 9c67e901a..19563f9c3 100644 --- a/blogs/2020/09/18/multi-blog-posts.html +++ b/blogs/2020/09/18/multi-blog-posts.html @@ -12,13 +12,13 @@ - +

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    - + \ No newline at end of file diff --git a/blogs/2020/09/18/new.html b/blogs/2020/09/18/new.html index 40d9e3327..ff6300a2e 100644 --- a/blogs/2020/09/18/new.html +++ b/blogs/2020/09/18/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/2020/09/22/security.html b/blogs/2020/09/22/security.html index 1955048ba..a3e7124d2 100644 --- a/blogs/2020/09/22/security.html +++ b/blogs/2020/09/22/security.html @@ -12,13 +12,13 @@ - +

    Podman Security Announcement

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    - + \ No newline at end of file diff --git a/blogs/2020/09/28/devconf-ctr-tech.html b/blogs/2020/09/28/devconf-ctr-tech.html index 7520b2d78..73e45fbb9 100644 --- a/blogs/2020/09/28/devconf-ctr-tech.html +++ b/blogs/2020/09/28/devconf-ctr-tech.html @@ -12,13 +12,13 @@ - +

    DevConf US 2020 Containers Technologies Talk

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/2020/09/28/new.html b/blogs/2020/09/28/new.html index b89362102..89838c79b 100644 --- a/blogs/2020/09/28/new.html +++ b/blogs/2020/09/28/new.html @@ -12,13 +12,13 @@ - +

    DevConf US 2020 Containers Technologies Talk

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/2020/09/30/Oct-6-Agenda.html b/blogs/2020/09/30/Oct-6-Agenda.html index 00ad12d2f..e3db2e1a4 100644 --- a/blogs/2020/09/30/Oct-6-Agenda.html +++ b/blogs/2020/09/30/Oct-6-Agenda.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ 11:00 a.m. to 12:p.m. Eastern (UTC−04:00) Bluejeans: https://bluejeans.com/796412039 (If you have trouble connecting, please reach out in IRC libera.chat #podman)

    Agenda:
    11:00 to 11:05Welcoming Remarks
    11:10 to 11:20Introductions - All Attendees
    11:20 to 11:30Upcoming Podman Release Features and Schedule - Matt Heon
    11:30 to 11:40Podman 3.0 Planning - Dan Walsh
    11:40 to 12:00Open Forum/Questions and Answers Session

    Next Meeting: Tuesday November 3, 2020 11:00 a.m. Eastern (UTC-04:00)

    - + \ No newline at end of file diff --git a/blogs/2020/09/30/new.html b/blogs/2020/09/30/new.html index 63d6531ac..a13ed6aa7 100644 --- a/blogs/2020/09/30/new.html +++ b/blogs/2020/09/30/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    - + \ No newline at end of file diff --git a/blogs/2020/10/05/new.html b/blogs/2020/10/05/new.html index 6c07c1607..e9e847aba 100644 --- a/blogs/2020/10/05/new.html +++ b/blogs/2020/10/05/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/10/17/expoloring-restful-api.html b/blogs/2020/10/17/expoloring-restful-api.html index 19b5504a0..4c7c169f7 100644 --- a/blogs/2020/10/17/expoloring-restful-api.html +++ b/blogs/2020/10/17/expoloring-restful-api.html @@ -12,13 +12,13 @@ - +

    Exploring Podman RESTful API using Python and Bash

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/2020/10/17/new.html b/blogs/2020/10/17/new.html index f5f534b7c..a6b7dc95a 100644 --- a/blogs/2020/10/17/new.html +++ b/blogs/2020/10/17/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/11/13/gitlab-runner-and-podman.html b/blogs/2020/11/13/gitlab-runner-and-podman.html index b9d9bac4a..384ac6da8 100644 --- a/blogs/2020/11/13/gitlab-runner-and-podman.html +++ b/blogs/2020/11/13/gitlab-runner-and-podman.html @@ -12,13 +12,13 @@ - +

    The history of an API&#58; GitLab Runner and Podman

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/2020/11/13/new.html b/blogs/2020/11/13/new.html index 1910c30b6..7f3dddc93 100644 --- a/blogs/2020/11/13/new.html +++ b/blogs/2020/11/13/new.html @@ -12,13 +12,13 @@ - +

    The history of an API&#58; GitLab Runner and Podman

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/2020/12/01/new.html b/blogs/2020/12/01/new.html index 7981216a6..361cc3268 100644 --- a/blogs/2020/12/01/new.html +++ b/blogs/2020/12/01/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/12/01/short-container-names.html b/blogs/2020/12/01/short-container-names.html index 9583d135b..98bef7bf1 100644 --- a/blogs/2020/12/01/short-container-names.html +++ b/blogs/2020/12/01/short-container-names.html @@ -12,13 +12,13 @@ - +

    Container image short names in Podman

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/2020/12/07/new.html b/blogs/2020/12/07/new.html index 5ee3db088..10ad71ef6 100644 --- a/blogs/2020/12/07/new.html +++ b/blogs/2020/12/07/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2020/12/07/podman-posts-of-interests.html b/blogs/2020/12/07/podman-posts-of-interests.html index 8e2eaf7e0..95b6533a7 100644 --- a/blogs/2020/12/07/podman-posts-of-interests.html +++ b/blogs/2020/12/07/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2020/12/09/new.html b/blogs/2020/12/09/new.html index 92aeac393..fa65bfd64 100644 --- a/blogs/2020/12/09/new.html +++ b/blogs/2020/12/09/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Using Podman and systemd to manage container lifecycle

    · One min read

    Ed Haynes has put together a demo of using Podman and systemd to manage a container lifecycle that's available on GitHub. He's written up a post that does a nice job of walking through setting up the demo and running it.

    - + \ No newline at end of file diff --git a/blogs/2020/12/09/podman-systemd-demo.html b/blogs/2020/12/09/podman-systemd-demo.html index 8c120a1d6..853fe0bc3 100644 --- a/blogs/2020/12/09/podman-systemd-demo.html +++ b/blogs/2020/12/09/podman-systemd-demo.html @@ -12,13 +12,13 @@ - +

    Using Podman and systemd to manage container lifecycle

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    For my demo, I used a minimal Fedora33 install with Podman installed. To simplify my lifecycle (which in industrial can be 10+ years) I want to keep the base OS as minimal and clean as possible and keep all application dependencies in the containers. I will be creating a redis in-memory keystore database as my containerized application and use the "podman generate systemd" utility to generate the systemd unit file. This file lets systemd know what your policies are for your application - whether it should start at boot or restart when it fails. In my case I want my application available at boot and also want it to restart in case of failure. I enable and start the systemd service with the --user flag, again I don't want root access for security reasons on this device.

    I provide a test script to test the redis container API. While I could have installed the redis-cli on my base Fedora33 OS to do this testing this would violate my desire to keep the base OS as minimal as possible. I pass values to the redis container's port via "nc" to set a key index of "frog" to 56. I then show via getting that index that the value is properly set. Now for the interesting part. I use pkill to kill the redis database and then show how systemd restarts the failed container. You can also reboot the OS and find your application running at startup.

    To tidy things up I provide a cleanup script which stops the service and cleans up the container so you can start the demo from the top if you like.

    To run this demo yourself (I've tested on Fedora33, Red Hat 8.3, and Ubuntu 20.10) ensure Podman and git are installed on your OS

    Also remember this is all done as a standard user - no root!

    git clone https://github.com/edhaynes/podman_systemd_usermode_demo.git

    cd podman_systemd_usermode_demo

    ./launch_redis_container.sh

    "launch_redis_container.sh" launches redis container, adds usermode systemd entry, enables and starts it. You will need to hit "q" to get out of the shown status.

    You should see something like:

    redis_server.service - Podman container-redis_ Loaded: loaded

     Active: active (running) since Wed 2020-12-09 09:22:40 EST; 1h 58min ago

    Now that redis is running you can run the test script that sets a key value, retrieves it, and then kills the redis container. systemd will then restart the container and you can see all is working again. Do this with:

    ./test_redis_container.sh

    Once you are done experimenting with it you can run the cleanup script to stop the systemd service, remove it and stop / remove the container.

    ./cleanup.sh

    Hope you enjoyed this demo and any comments or suggestions please make them in the GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/12/11/new.html b/blogs/2020/12/11/new.html index 19f505c60..64d9ca278 100644 --- a/blogs/2020/12/11/new.html +++ b/blogs/2020/12/11/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html b/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html index 3d5abc12a..e68af8277 100644 --- a/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html +++ b/blogs/2020/12/11/remove-varlink-libpod-conf-notice.html @@ -12,13 +12,13 @@ - +

    Podman API v1.0 Deprecation and Removal Notice

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    This new Podman v2.0 RESTful API was released along with Podman v2.0 in June of 2020 and replaces the Podman API v1.0. As of that time the Podman API v1.0 for Podman was considered to be deprecated. The Podman team noted that the Podman v1.0 (varlink) API would be removed from the Podman project in a future release and that a one month notice would be sent to the community before the version of Podman without the v1.0 API was released. This note represents that notice.

    The Podman API v1.0 was just recently removed from the upstream repository on GitHub as work has started on the next release of Podman, v3.0. Podman v3.0 is expected to be released on Fedora 33 in late January 2021 and then later next year in RHEL 8.4 and other distributions.

    At the same time as the removal of the Podman v1.0 API, the libpod.conf file has also been removed and it too will no longer be included with Podman starting in Podman v3.0. The functionality of this file has been replaced by containers.conf. If there have been modifications made to the libpod.conf file in your environment, you should be able to make the same changes in containers.conf and they will be honored.

    If you have any questions or concerns about this notification, please send a note to the Podman mailing list or create an issue on Podman’s GitHub repository.

    - + \ No newline at end of file diff --git a/blogs/2020/12/14/new.html b/blogs/2020/12/14/new.html index 55bd27e8f..e2b09b0ae 100644 --- a/blogs/2020/12/14/new.html +++ b/blogs/2020/12/14/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2020/12/22/behind-container-images.html b/blogs/2020/12/22/behind-container-images.html index 2e8795581..f9be1f17d 100644 --- a/blogs/2020/12/22/behind-container-images.html +++ b/blogs/2020/12/22/behind-container-images.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/2020/12/22/new.html b/blogs/2020/12/22/new.html index 4cbda6a27..d3eb6994e 100644 --- a/blogs/2020/12/22/new.html +++ b/blogs/2020/12/22/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/2020/12/23/containers-com-podman.html b/blogs/2020/12/23/containers-com-podman.html index f8714866e..746665e5f 100644 --- a/blogs/2020/12/23/containers-com-podman.html +++ b/blogs/2020/12/23/containers-com-podman.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ Como está o seu português? Well if it's better than mine, check out Daniel Lara's video on YouTube. He walks through running Containers using Podman, creating pods, generating YAML for Kubernetes and more! Daniel uses a number of great examples, so it is pretty easy to follow along even if your Portugese is like mine. Apreciar!

    - + \ No newline at end of file diff --git a/blogs/2020/12/23/new.html b/blogs/2020/12/23/new.html index 419b63748..5736fa509 100644 --- a/blogs/2020/12/23/new.html +++ b/blogs/2020/12/23/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Containers com Podman

    · One min read

    Como está o seu português? Well if it's better than mine, check out Daniel Lara's video on YouTube. He walks through running Containers using Podman, creating pods, generating YAML for Kubernetes and more! Daniel uses a number of great examples, so it is pretty easy to follow along even if your Portugese is like mine. Apreciar!

    - + \ No newline at end of file diff --git a/blogs/2021/01/11/new.html b/blogs/2021/01/11/new.html index 0365b9356..9622527f2 100644 --- a/blogs/2021/01/11/new.html +++ b/blogs/2021/01/11/new.html @@ -12,13 +12,13 @@ - +

    Using Podman and Docker Compose

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/11/podman-compose.html b/blogs/2021/01/11/podman-compose.html index bd793c551..a2b8130ae 100644 --- a/blogs/2021/01/11/podman-compose.html +++ b/blogs/2021/01/11/podman-compose.html @@ -12,13 +12,13 @@ - +

    Using Podman and Docker Compose

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/15/managing-pods.html b/blogs/2021/01/15/managing-pods.html index 2cad9fcf6..be78ff7a1 100644 --- a/blogs/2021/01/15/managing-pods.html +++ b/blogs/2021/01/15/managing-pods.html @@ -12,13 +12,13 @@ - +

    Podman&#58; Managing pods and containers in a local container runtime

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/15/new.html b/blogs/2021/01/15/new.html index fe686347a..dbb55896e 100644 --- a/blogs/2021/01/15/new.html +++ b/blogs/2021/01/15/new.html @@ -12,13 +12,13 @@ - +

    Podman&#58; Managing pods and containers in a local container runtime

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/23/new.html b/blogs/2021/01/23/new.html index db2be3950..d1adc41e4 100644 --- a/blogs/2021/01/23/new.html +++ b/blogs/2021/01/23/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/01/23/podman-posts-of-interests.html b/blogs/2021/01/23/podman-posts-of-interests.html index ec0a7f3ac..d6561d156 100644 --- a/blogs/2021/01/23/podman-posts-of-interests.html +++ b/blogs/2021/01/23/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/01/26/docker-compose-to-podman.html b/blogs/2021/01/26/docker-compose-to-podman.html index 8bf09ef7d..047b7805b 100644 --- a/blogs/2021/01/26/docker-compose-to-podman.html +++ b/blogs/2021/01/26/docker-compose-to-podman.html @@ -12,13 +12,13 @@ - +

    From Docker Compose to Kubernetes with Podman

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/01/26/new.html b/blogs/2021/01/26/new.html index c2f6c99e0..05194bd70 100644 --- a/blogs/2021/01/26/new.html +++ b/blogs/2021/01/26/new.html @@ -12,13 +12,13 @@ - +

    From Docker Compose to Kubernetes with Podman

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html b/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html index df62be9b5..62ca6c664 100644 --- a/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html +++ b/blogs/2021/02/08/easy-development-dependency-management-with-podman-and-tent.html @@ -12,13 +12,13 @@ - +

    Easy Development Dependency Management With Podman and Tent

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    Running containers can be accessed via their exposed ports and can be paired with any other application on your system.

    Starting a service such as mysql is as simple as executing tent start mysql and you'll never have to look back at it.

    But mysql is not the only available service. A list of all the available services can be found on: services.go

    Tent is heavily inspired from tighten/takeout and is an experimental project. Hence, care should be taken if you're using it in a critical environment.

    Dependencies

    • Linux
    • Podman Installed
    • Podman System Service Running

    If you have Podman installed, you can start the system service as follows:

    ## starts the podman system service
    systemctl --user start podman.socket

    ## enables the podman system service, so it doesn't close on every reboot
    systemctl --user enable podman.socket

    ## stops the podman system service
    systemctl --user stop podman.socket

    ## disables the podman system service, so it doesn't start on every reboot
    systemctl --user disable podman.socket

    Tent assumes that you're running the service in non-root mode, hence the --user argument is necessary in the above commands.

    Installation

    Visit the tent release page and download the tent binary to your computer. Open up your terminal where you've donwloaded the file and execute following commands:

    chmod +x ./tent

    sudo mv ./tent /usr/local/bin

    Now the tent command should be available everywhere in your system.

    Build From Source

    If you're on a Fedora system, the following command should install the necessary development dependencies.

    sudo dnf groupinstall "Development Tools" -y && sudo dnf install golang btrfs-progs-devel gpgme-devel device-mapper-devel -y

    And on a Ubuntu system, the following command should install the necessary development dependencies.

    sudo apt install build-essential golang-go libbtrfs-dev libgpgme-dev libdevmapper-dev -y

    If you're on a different system you, may look for equivalent package on the respective package repositories.

    Now build and install the application as follows:

    git clone https://github.com/fhsinchy/tent.git ~/tent

    cd ~/tent

    make install

    Usage

    The tent binary has following commands:

    • tent start <service name> - starts a container for the given service
    • tent stop <service name> - stops and removes a container for the given service
    • tent list - lists all running containers

    Most of the services in tent utilizes volumes for persisting data, so even if you stop a service, it's data will be persisted in a volume for later usage. These volumes can listed by executing podman volume ls and can be managed like any other podman volume.

    Start a Service

    The generic syntax for the start command is as follows:

    tent start <service name>

    ## starts mysql and prompts you where necessary
    tent start mysql

    ## starts redis and mongo and prompts you where necessary
    tent start redis mongo

    Start Service with Default Configuration

    The --default flag for the start command can be used to skip all the prompts and start a service with default configuration

    tent start <service name> --default

    ## starts mysql with the default configuration
    tent start mysql --default

    ## starts redis and mongo with default configuration
    tent start redis mongo --default

    Stop a Service

    The generic syntax for the stop command is as follows:

    tent stop <service name>

    ## stops mysql and removes the container
    ## prompts you if multiple containers are found
    tent stop mysql

    ## stops all mysql containers and removes them
    tent stop mysql --all

    ## stops redis and mongo then removes the containers.
    ## prompts you if multiple containers are found for any of the given services.
    tent stop redis mongo

    ## stops all redis and mongo conainers and then removes them
    tent stop redis mongo --all

    Stop all Services

    The --all flag for the stop command can be used to stop and remove all running tent containers at once

    tent stop --all

    Running Multiple Versions

    Given all the services are running inside containers, you can spin up multiple versions of the same service as long as you're keeping the port different.

    Run tent start mysql twice; the first time, use the --default flag, and the second time, put 5.7 as tag and 3307 as host port.

    Now, if you run tent list, you'll see both services running at the same time.

    +--------------+----------------+---------------+---------------+
    | CONTAINER              | Image               | PORTS          |
    +--------------+----------------+---------------+---------------+
    | tent-mysql-5.7-3307    | docker.io/mysql:5.7 | 3307->3306/tcp |
    | tent-mysql-latest-3306 | docker.io/mysql:5.7 | 3306->3306/tcp |
    +--------------+----------------+---------------+---------------+

    Container Management

    Containers started by tent are regular containers with some pre-set configurations. So you can use regular podman commands such as ls, inspect, logs etc on them. Although tent comes with a list command, using the podman commands will result in more informative results. The target of tent is to provide plug and play containers, not to become a full-fledged podman cli.

    Contribution

    Tent is an open-source project and contributions are more than welcomed. If you're a Go programmer do take some time to go through the source-code, see if you can improve any part of the program, the maintainer will be more than happy to co-operate. And if you like the project, don't forget to leave a star and share with other fellow developers to show your appreciation.

    - + \ No newline at end of file diff --git a/blogs/2021/02/08/new.html b/blogs/2021/02/08/new.html index accfc4e42..033a80320 100644 --- a/blogs/2021/02/08/new.html +++ b/blogs/2021/02/08/new.html @@ -12,13 +12,13 @@ - +

    Easy Development Dependency Management With Podman and Tent

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/2021/03/02/podman-support-for-older-distros.html b/blogs/2021/03/02/podman-support-for-older-distros.html index ea39f3285..8450d5b37 100644 --- a/blogs/2021/03/02/podman-support-for-older-distros.html +++ b/blogs/2021/03/02/podman-support-for-older-distros.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ systems, where the kernel and certain core libraries may be too old.

    Podman 3.0 will be the last major build on CentOS 7, Debian 10 and Ubuntu 18.04. After this release, we recommend users who need the latest versions of Podman to move to newer versions of their Linux distribution.

    - + \ No newline at end of file diff --git a/blogs/2021/03/27/new.html b/blogs/2021/03/27/new.html index 75eb2d6e0..07c7fc7b8 100644 --- a/blogs/2021/03/27/new.html +++ b/blogs/2021/03/27/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/03/27/podman-posts-of-interests.html b/blogs/2021/03/27/podman-posts-of-interests.html index 02ee843bf..92ac0e4a6 100644 --- a/blogs/2021/03/27/podman-posts-of-interests.html +++ b/blogs/2021/03/27/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/04/02/new.html b/blogs/2021/04/02/new.html index fe6a73a24..1edadff46 100644 --- a/blogs/2021/04/02/new.html +++ b/blogs/2021/04/02/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/05/04/new.html b/blogs/2021/05/04/new.html index b6238c45a..54554aa22 100644 --- a/blogs/2021/05/04/new.html +++ b/blogs/2021/05/04/new.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/2021/05/04/star-wars-in-podman.html b/blogs/2021/05/04/star-wars-in-podman.html index 26dd7a0ca..f0d1dbbc5 100644 --- a/blogs/2021/05/04/star-wars-in-podman.html +++ b/blogs/2021/05/04/star-wars-in-podman.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/2021/05/26/new.html b/blogs/2021/05/26/new.html index 595e2913e..b7dbb5788 100644 --- a/blogs/2021/05/26/new.html +++ b/blogs/2021/05/26/new.html @@ -12,13 +12,13 @@ - +

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    · One min read

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2021/05/26/podman-3-compose.html b/blogs/2021/05/26/podman-3-compose.html index 81783dafb..803c8ac9c 100644 --- a/blogs/2021/05/26/podman-3-compose.html +++ b/blogs/2021/05/26/podman-3-compose.html @@ -12,13 +12,13 @@ - +

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/2021/06/13/new.html b/blogs/2021/06/13/new.html index c72bd7544..643dbdd00 100644 --- a/blogs/2021/06/13/new.html +++ b/blogs/2021/06/13/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/06/13/podman-posts-of-interests.html b/blogs/2021/06/13/podman-posts-of-interests.html index 155e9abb8..c85adb073 100644 --- a/blogs/2021/06/13/podman-posts-of-interests.html +++ b/blogs/2021/06/13/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/06/16/install-podman-on-ubuntu.html b/blogs/2021/06/16/install-podman-on-ubuntu.html index 7f8d98278..104525e6e 100644 --- a/blogs/2021/06/16/install-podman-on-ubuntu.html +++ b/blogs/2021/06/16/install-podman-on-ubuntu.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/06/16/new.html b/blogs/2021/06/16/new.html index 11030c443..0be8b78b2 100644 --- a/blogs/2021/06/16/new.html +++ b/blogs/2021/06/16/new.html @@ -12,13 +12,13 @@ - +

    How to Install and Use Podman on Ubuntu 20.04

    · One min read

    Hitesh Jethva posted a blog post on the Atlantic.Net site talking about How to Install and Use Podman on Ubuntu 20.04. In the post Hitesh walks through all the steps necessary from 'A' to 'Z' to get Podman up and running on Ubuntu 20.04 and how to do some initial Podman commands.

    - + \ No newline at end of file diff --git a/blogs/2021/07/01/new.html b/blogs/2021/07/01/new.html index ace5b517b..251f0b678 100644 --- a/blogs/2021/07/01/new.html +++ b/blogs/2021/07/01/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/07/01/podman-inside-kubernets.html b/blogs/2021/07/01/podman-inside-kubernets.html index 0280e4c24..ec7948a81 100644 --- a/blogs/2021/07/01/podman-inside-kubernets.html +++ b/blogs/2021/07/01/podman-inside-kubernets.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/07/02/new.html b/blogs/2021/07/02/new.html index 35a036d63..0b6acd8b9 100644 --- a/blogs/2021/07/02/new.html +++ b/blogs/2021/07/02/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/07/02/podman-inside-container.html b/blogs/2021/07/02/podman-inside-container.html index a792a265e..22948bcc6 100644 --- a/blogs/2021/07/02/podman-inside-container.html +++ b/blogs/2021/07/02/podman-inside-container.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/09/03/new.html b/blogs/2021/09/03/new.html index 8c04b888d..1a1a5958d 100644 --- a/blogs/2021/09/03/new.html +++ b/blogs/2021/09/03/new.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@
    - + \ No newline at end of file diff --git a/blogs/2021/09/03/podman-posts-of-interests.html b/blogs/2021/09/03/podman-posts-of-interests.html index 265a105b0..c87c335be 100644 --- a/blogs/2021/09/03/podman-posts-of-interests.html +++ b/blogs/2021/09/03/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · One min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2021/09/06/new.html b/blogs/2021/09/06/new.html index 5167b17b1..68f263bc8 100644 --- a/blogs/2021/09/06/new.html +++ b/blogs/2021/09/06/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/09/06/podman-on-macs.html b/blogs/2021/09/06/podman-on-macs.html index fb70f968c..a1d3ac7c7 100644 --- a/blogs/2021/09/06/podman-on-macs.html +++ b/blogs/2021/09/06/podman-on-macs.html @@ -12,13 +12,13 @@ - +

    Podman remote clients for macOS and Windows

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    Recently, we have been getting an influx of questions about Podman and Podman desktop, specifically around Macs. Coincidentally, we have a really elegant solution which we’d like to introduce. In the recently released Podman-3.3.1, we now have support for Intel-based Macs. It is command-line driven and can be installed through brew (aka Homebrew).

    User Experience on macOS

    The user-experience is quite simple:

    1. Install brew (as it is described on their homepage)
    2. Install podman from brew: brew install podman
    3. Initialize a podman machine: podman machine init
    4. Start the machine: podman machine start
    5. Use podman as you normally would.

    It is worth running podman machine --help to familiarize yourself with the other commands used to manage machines.

    Please note that Podman machine is still under development. While we support port forwarding on Macs and Linux, we have not implemented a solution for file sharing and bind mounts. We are currently researching the various technologies to do so as we want to choose a performant approach.

    Podman machine is currently only supported on Linux and Intel Macs. As for the new Macs that are based on Apple Silicon, we are now waiting for two things. First, we need some patches from upstream qemu to get merged and released. While we wait for the upstream patches, we are working on a possible work-around for qemu. If that is successful, we will re-enable the M1 support in Podman and get brew updated. The second is we need Fedora CoreOS aarch64 images to be indexed, which should be occurring very shortly. Podman 3.4, Oct-10-2021

    User Experience on Windows

    We currently support the Windows platform with a remote client that can be downloaded from our GitHub releases page. That remote client requires a Linux server with Podman and its service running. We also have user reports that running Podman in WSL is quite tenable. Consider the WSL option if you do not have available Linux servers with Podman installed.

    We intend to develop a desktop for the Mac and Windows experience for Podman. Early design work is under consideration. No timeline has been identified yet.

    Questions?

    Remember, our development team can be found in our Matrix room which has been bridged to the #podman channel on libera IRC as well as our Discord server. You can also get in touch with us via our project page by opening issues, PR’s and discussions. We love to hear from people!

    Podman is an open-source project. We are always looking for contributors to help us accelerate features into the Podman and container world.

    - + \ No newline at end of file diff --git a/blogs/2021/10/04/m1macs.html b/blogs/2021/10/04/m1macs.html index aafb308f3..04eda908d 100644 --- a/blogs/2021/10/04/m1macs.html +++ b/blogs/2021/10/04/m1macs.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ things are fixed, we support Apple silicon hardware with Podman 3.4.

    In the last two weeks, we were able to clear the final hurdles to support Podman machine on Apple Silicon. Many thanks to the QEMU maintainers and the maintainers of brew. And last but not least, the Fedora FCOS team which officially supports the aarch64 architecture now.

    - + \ No newline at end of file diff --git a/blogs/2021/10/04/new.html b/blogs/2021/10/04/new.html index 2936880ae..ef9d49f45 100644 --- a/blogs/2021/10/04/new.html +++ b/blogs/2021/10/04/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/10/11/multiarch.html b/blogs/2021/10/11/multiarch.html index 1c93d9492..84683c37e 100644 --- a/blogs/2021/10/11/multiarch.html +++ b/blogs/2021/10/11/multiarch.html @@ -12,7 +12,7 @@ - + @@ -106,7 +106,7 @@ bugs and deficiencies are present in earlier editions. On that same note, if you do encounter any strange or unexpected behavior, please reach out to the upstream community for assistance.

    - + \ No newline at end of file diff --git a/blogs/2021/10/11/new.html b/blogs/2021/10/11/new.html index d0b93ee78..52d843818 100644 --- a/blogs/2021/10/11/new.html +++ b/blogs/2021/10/11/new.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/2021/10/16/new.html b/blogs/2021/10/16/new.html index 391186fd1..e1af69288 100644 --- a/blogs/2021/10/16/new.html +++ b/blogs/2021/10/16/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/10/16/sudo-with-rootless-podman.html b/blogs/2021/10/16/sudo-with-rootless-podman.html index 002829076..b13fa3838 100644 --- a/blogs/2021/10/16/sudo-with-rootless-podman.html +++ b/blogs/2021/10/16/sudo-with-rootless-podman.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/10/27/how-podman-runs-on-macs.html b/blogs/2021/10/27/how-podman-runs-on-macs.html index a5d7d6c4b..be0967a26 100644 --- a/blogs/2021/10/27/how-podman-runs-on-macs.html +++ b/blogs/2021/10/27/how-podman-runs-on-macs.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/10/27/new.html b/blogs/2021/10/27/new.html index 8f2456eb5..d51c4ce60 100644 --- a/blogs/2021/10/27/new.html +++ b/blogs/2021/10/27/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html b/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html index f2568d76b..9ee35bb9d 100644 --- a/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html +++ b/blogs/2021/10/28/build-kubernetes-pods-with-podman-play-kube.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2021/10/28/new.html b/blogs/2021/10/28/new.html index 81abfc6aa..d91db3118 100644 --- a/blogs/2021/10/28/new.html +++ b/blogs/2021/10/28/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/02/04/network-usage.html b/blogs/2022/02/04/network-usage.html index feef06b47..2b15789b8 100644 --- a/blogs/2022/02/04/network-usage.html +++ b/blogs/2022/02/04/network-usage.html @@ -12,13 +12,13 @@ - +

    Testing Podman 4 with the new network stack

    · 2 min read

    podman logo

    Testing Podman 4 with the new network stack

    By Brent Baude GitHub

    Podman 4.0 will implement a new network stack instead of CNI plugins. There are two components to the new stack:

    • Netavark performs interface setup, IP address/etc assignment, NAT, and port mapping.
    • Aardvark-dns that replaces the previous DNS name custom plugin. Aardvark-dns is a DNS server that provides name resolution and forwarding for container networks.

    Warning: Before testing Podman 4 and the new network stack, you will have to destroy all your current containers, images, and network. Consider exporting/saving any import containers or images.

    If you have run Podman 3.x before upgrading to Podman 4, Podman will continue to use CNI plugins as it had before. There is a marker in Podman's local storage that indicates this. In order to begin using Podman 4, you need to destroy that marker with podman system reset. This will destroy the marker, all of the images, all of the networks, and all of the containers.

    Setting up Podman 4 with netavark and aardvark-dns on Fedora

    If this is an upgrade to a current Podman install, destroy all current images, containers, and defined networks.

    $ podman system reset --force

    Ensure you have the DNF copr extension.

    $ sudo dnf install 'dnf-command(copr)'

    Add the podman4 test COPR to your system

    $ sudo dnf copr enable rhcontainerbot/podman4

    If you have never installed Podman, replace upgrade with install in the following command.

    $ sudo dnf upgrade podman

    If Podman was upgraded, you may have to install netavark explicitly. Otherwise, the Podman package will continue to use CNI.

    $ sudo dnf install netavark aardvark-dns

    If you find bugs, please report them to our github issues page.

    - + \ No newline at end of file diff --git a/blogs/2022/02/04/new.html b/blogs/2022/02/04/new.html index a6b3eec93..e5e88433e 100644 --- a/blogs/2022/02/04/new.html +++ b/blogs/2022/02/04/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/02/22/new.html b/blogs/2022/02/22/new.html index 3956c2aae..025dfb6da 100644 --- a/blogs/2022/02/22/new.html +++ b/blogs/2022/02/22/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/03/06/new.html b/blogs/2022/03/06/new.html index 903f82d71..275f3920b 100644 --- a/blogs/2022/03/06/new.html +++ b/blogs/2022/03/06/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/03/06/why_no_podman4_f35.html b/blogs/2022/03/06/why_no_podman4_f35.html index 726b17c7d..496897878 100644 --- a/blogs/2022/03/06/why_no_podman4_f35.html +++ b/blogs/2022/03/06/why_no_podman4_f35.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ a quick start, it is simply:

        $ sudo dnf copr enable rhcontainerbot/podman4

    Once that command completes, you can install Podman.

        $ sudo dnf install podman

    Note: If you are upgrading an existing Podman 3 install and wish to run Podman 4's new network stack, be certain you that the aardvark and netavark packages are also installed (they are part of the same COPR). You will also need to then run podman system reset --force before running any new containers.

    - + \ No newline at end of file diff --git a/blogs/2022/03/15/new.html b/blogs/2022/03/15/new.html index 64c810b95..a78e99df7 100644 --- a/blogs/2022/03/15/new.html +++ b/blogs/2022/03/15/new.html @@ -12,13 +12,13 @@ - +

    Podman 4.0.2 is available on Homebrew

    · One min read

    Podman v4.0.2 is now on Homebrew! Learn More!.

    - + \ No newline at end of file diff --git a/blogs/2022/03/15/podman4.0.2brew.html b/blogs/2022/03/15/podman4.0.2brew.html index b52b96d80..5ef6a948b 100644 --- a/blogs/2022/03/15/podman4.0.2brew.html +++ b/blogs/2022/03/15/podman4.0.2brew.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ deliver is the ability to mount volumes from MacOS into the virtual machine. We decided to backport some code to make it available to users more quickly. As such, it is possible if not likely that there will be more changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    - + \ No newline at end of file diff --git a/blogs/2022/03/23/nvav1.0.2.html b/blogs/2022/03/23/nvav1.0.2.html index 279250c0d..752716033 100644 --- a/blogs/2022/03/23/nvav1.0.2.html +++ b/blogs/2022/03/23/nvav1.0.2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/2022/04/05/new.html b/blogs/2022/04/05/new.html index 9bec78a5e..a28c00513 100644 --- a/blogs/2022/04/05/new.html +++ b/blogs/2022/04/05/new.html @@ -12,13 +12,13 @@ - +

    Podman, Buildah and Skopeo on Ubuntu 22.04 LTS

    · One min read

    Podman, Buildah, and Skopeo will be included in Ubuntu 22.04 LTS Learn More!.

    - + \ No newline at end of file diff --git a/blogs/2022/04/05/ubuntu-2204-lts-kubic.html b/blogs/2022/04/05/ubuntu-2204-lts-kubic.html index 3dc757f35..a0a9bd130 100644 --- a/blogs/2022/04/05/ubuntu-2204-lts-kubic.html +++ b/blogs/2022/04/05/ubuntu-2204-lts-kubic.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ the default repos, thanks to the amazing work of Reinhard Tartler and team.

    The package versions available currently are: Podman 3.4, Buildah 1.23 and Skopeo 1.4.

    There won't be any further updates to the Kubic repos as far as Podman, Buildah and Skopeo are concerned, so users are recommended to use the default repos on 22.04 LTS.

    If you're currently using packages from the Kubic repos, it’s highly recommended to uninstall the Kubic packages prior to upgrading to 22.04 LTS.

    - + \ No newline at end of file diff --git a/blogs/2022/05/08/new.html b/blogs/2022/05/08/new.html index 27d579cee..f6498071f 100644 --- a/blogs/2022/05/08/new.html +++ b/blogs/2022/05/08/new.html @@ -12,14 +12,14 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/05/08/podman-posts-of-interests.html b/blogs/2022/05/08/podman-posts-of-interests.html index 419280fa6..cce5ca18e 100644 --- a/blogs/2022/05/08/podman-posts-of-interests.html +++ b/blogs/2022/05/08/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 2 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2022/05/09/new.html b/blogs/2022/05/09/new.html index 718f82188..89baffeff 100644 --- a/blogs/2022/05/09/new.html +++ b/blogs/2022/05/09/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/06/08/new.html b/blogs/2022/06/08/new.html index fbc177119..dbf77aeac 100644 --- a/blogs/2022/06/08/new.html +++ b/blogs/2022/06/08/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/06/08/podman-on-windows.html b/blogs/2022/06/08/podman-on-windows.html index b2eb49d3c..732d6c1b1 100644 --- a/blogs/2022/06/08/podman-on-windows.html +++ b/blogs/2022/06/08/podman-on-windows.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ you can then run Podman from your favorite Windows terminal without first having to get into a Virtual Machine. As a bonus, there's a link to a walk through video tutorial included in the post.

    - + \ No newline at end of file diff --git a/blogs/2022/08/17/new.html b/blogs/2022/08/17/new.html index b21f5b01f..aa68a14e4 100644 --- a/blogs/2022/08/17/new.html +++ b/blogs/2022/08/17/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/10/03/debbuild.html b/blogs/2022/10/03/debbuild.html index e11eddc1d..317d0aa27 100644 --- a/blogs/2022/10/03/debbuild.html +++ b/blogs/2022/10/03/debbuild.html @@ -12,13 +12,13 @@ - +

    How Podman packaging works on Linux

    · One min read

    Get a deep dive into Podman packages for Debian and Ubuntu using Fedora Sources, OBS and Debbuild. Learn More!.

    - + \ No newline at end of file diff --git a/blogs/2022/10/03/new.html b/blogs/2022/10/03/new.html index d7bbd43fb..a09f05487 100644 --- a/blogs/2022/10/03/new.html +++ b/blogs/2022/10/03/new.html @@ -12,13 +12,13 @@ - +

    How Podman packaging works on Linux

    · One min read

    Get a deep dive into Podman packages for Debian and Ubuntu using Fedora Sources, OBS and Debbuild. Learn More!.

    - + \ No newline at end of file diff --git a/blogs/2022/10/12/new.html b/blogs/2022/10/12/new.html index aae043bff..a79c5ee67 100644 --- a/blogs/2022/10/12/new.html +++ b/blogs/2022/10/12/new.html @@ -12,14 +12,14 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/10/12/podman-posts-of-interests.html b/blogs/2022/10/12/podman-posts-of-interests.html index 938dcca43..16eef4af3 100644 --- a/blogs/2022/10/12/podman-posts-of-interests.html +++ b/blogs/2022/10/12/podman-posts-of-interests.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Posts of Interest

    · 3 min read

    podman logo

    Podman Posts of Interest

    By Tom Sweeney GitHub

    A number of blog posts have flung by and I have not had a chance to get individual link posts to them, so thought I would add a few here that have popped up recently, links after the break!.

    - + \ No newline at end of file diff --git a/blogs/2022/10/22/new.html b/blogs/2022/10/22/new.html index e15e77f83..a67c845ca 100644 --- a/blogs/2022/10/22/new.html +++ b/blogs/2022/10/22/new.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/blogs/2022/11/11/nvav1.3.html b/blogs/2022/11/11/nvav1.3.html index 66379564b..910bd6484 100644 --- a/blogs/2022/11/11/nvav1.3.html +++ b/blogs/2022/11/11/nvav1.3.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ and aardvark-dns. Both netavark and aardvark-dns versions 1.3.0 were released. As the process works, the upstream releases will slowly work their way into Linux distributions.

    A basic summary of changes for both are as follows:

    v1.3.0 Netavark

    • Housekeeping and code cleanup
    • macvlan: remove tmp interface when name already used in netns
    • Add support for route metrics
    • netlink: return better error if ipv6 is disabled
    • macvlan: fix name collision on hostns
    • Ignore dns-enabled for macvlan (BZ2137320)
    • better errors on teardown
    • allow customer dns servers for containers
    • do not set route for internal-only networks
    • do not use ipv6 autoconf

    v1.3.0 Aardvark-dns

    • allow one or more dns servers in the aardvark config
    - + \ No newline at end of file diff --git a/blogs/2022/12/07/new.html b/blogs/2022/12/07/new.html index 1470c9c74..b3b77b8bf 100644 --- a/blogs/2022/12/07/new.html +++ b/blogs/2022/12/07/new.html @@ -12,13 +12,13 @@ - +

    Website Updates

    · One min read

    Several updates have been planned for this site for quite a while, and work has been ongoing. The first significant change that is happening is with our blog posts. A new WordPress-based site has been created for our posts at blog.podman.io. The new site has a fresh look and feel and shows the direction we’re hoping to take this entire site eventually. You'll probably notice the similarities if you have tried Podman Desktop.

    We are contemplating moving the blog posts from this site to the new one. At least for the moment, the blog posts created before today (December 7, 2022) can now be found under the “Archived Blogs” link on the left side menu. The “Blogs” link in that same menu will take you to the new site.

    We hope you enjoy the new blog site and would love to hear from you about what you think about it. As on this site, blog posts from the community will always be gratefully accepted!

    - + \ No newline at end of file diff --git a/blogs/archive.html b/blogs/archive.html index 3a9fc6788..ffe4911bb 100644 --- a/blogs/archive.html +++ b/blogs/archive.html @@ -12,13 +12,13 @@ - +

    Archive

    Archive

    2018

    2019

    2020

    2021

    2022

    - + \ No newline at end of file diff --git a/blogs/page/10.html b/blogs/page/10.html index 914301e5e..2fdddb70e 100644 --- a/blogs/page/10.html +++ b/blogs/page/10.html @@ -12,13 +12,13 @@ - +

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    - + \ No newline at end of file diff --git a/blogs/page/11.html b/blogs/page/11.html index 8c10f32fd..029f2e06c 100644 --- a/blogs/page/11.html +++ b/blogs/page/11.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/page/12.html b/blogs/page/12.html index 56c435dc4..7976746a7 100644 --- a/blogs/page/12.html +++ b/blogs/page/12.html @@ -12,14 +12,14 @@ - +

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/page/13.html b/blogs/page/13.html index be474dd32..0ba5468fb 100644 --- a/blogs/page/13.html +++ b/blogs/page/13.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/page/14.html b/blogs/page/14.html index c833a3c40..e76a6af55 100644 --- a/blogs/page/14.html +++ b/blogs/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/page/15.html b/blogs/page/15.html index 71e8d3114..522ad66e9 100644 --- a/blogs/page/15.html +++ b/blogs/page/15.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    · One min read

    A number of blog posts were posted over the past month and given the holiday crunch, we didn't get them listed on the site. So as a catch up, checkout the Blog posts on the Web blog which has a number of links on it to those great articles and videos.

    · One min read

    The new API for Podman, referred to as apiv2, has been merged into the libpod repository. It's a simpler REST API that's more compatible with Docker implementations than the varlink protocol that's currently in use. For more details, see this release announcement by Brent Baude.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    - + \ No newline at end of file diff --git a/blogs/page/16.html b/blogs/page/16.html index 53e35c6f5..451892157 100644 --- a/blogs/page/16.html +++ b/blogs/page/16.html @@ -12,13 +12,13 @@ - +

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang shows you how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/page/17.html b/blogs/page/17.html index 148358689..3f2788a85 100644 --- a/blogs/page/17.html +++ b/blogs/page/17.html @@ -12,13 +12,13 @@ - +

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/page/18.html b/blogs/page/18.html index 1c698dc20..fed3f6a6b 100644 --- a/blogs/page/18.html +++ b/blogs/page/18.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/page/19.html b/blogs/page/19.html index 7a768637f..48256d225 100644 --- a/blogs/page/19.html +++ b/blogs/page/19.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · One min read

    Valentin Rothberg checks in with the "Generate SECCOMP Profiles for Containers Using Podman and eBPF" blog here. In the article Valentin introduces the OCI seccomp hook which allows you to trace the syscalls of a container and then runs through a working example.

    · One min read

    Saharsh Singh talks about how he's moved on from his Docker daemon and moved on to Podman, Buildah and Skopeo here on the Red Hat Service Blog site. Saharsh walks you through a history of container tools and then talks about Podman, Buildah and Skopeo with a lot of great examples.

    · 5 min read

    podman logo

    Podman in HPC environments

    By Adrian Reber GitHub

    A High-Performance Computing (HPC) environment can mean a lot of things, but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    Adrian Reber talks all about the Message Passing Interface (MPI) in a High-Performance Computing (HPC) environment with the help of Podman here. Adrian provides a nice walk through of how he accomplished this and then explains each of his steps in great detail.

    - + \ No newline at end of file diff --git a/blogs/page/2.html b/blogs/page/2.html index 33f2866ff..9779f7937 100644 --- a/blogs/page/2.html +++ b/blogs/page/2.html @@ -12,7 +12,7 @@ - + @@ -38,7 +38,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/page/20.html b/blogs/page/20.html index 66c47df99..c67a5e139 100644 --- a/blogs/page/20.html +++ b/blogs/page/20.html @@ -12,14 +12,14 @@ - +

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using Podman while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/page/21.html b/blogs/page/21.html index ebfc6210f..e9e2f4e23 100644 --- a/blogs/page/21.html +++ b/blogs/page/21.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    - + \ No newline at end of file diff --git a/blogs/page/22.html b/blogs/page/22.html index e04b15e8c..83cb137ee 100644 --- a/blogs/page/22.html +++ b/blogs/page/22.html @@ -12,14 +12,14 @@ - +

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    Get all the details on this blog post!

    · One min read

    Red Hat Developer recently posted a new Podman Cheat Sheet on their blog. It's a handy guide that cover the commands that focus on images, containers and container resources. Check it out!

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/page/23.html b/blogs/page/23.html index 436e5efa8..08381b625 100644 --- a/blogs/page/23.html +++ b/blogs/page/23.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Podman machine

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/page/24.html b/blogs/page/24.html index ee9a4f0e7..d814c5a7e 100644 --- a/blogs/page/24.html +++ b/blogs/page/24.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ Podman containers.

    Read More

    - + \ No newline at end of file diff --git a/blogs/page/25.html b/blogs/page/25.html index 2becc8b33..90da94d7d 100644 --- a/blogs/page/25.html +++ b/blogs/page/25.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    · One min read

    If you've missed the news so far, CoreOS was acquired by Red Hat at the beginning of 2018. This also means some changes for Buildah and Podman.

    Buildah and Podman were previously projects within Project Atomic which is going to be sunset in favor of an immutable host combination of Container Linux and Fedora Atomic Host: this combination is called Fedora CoreOS. We therefore welcome you to the new websites, buildah.io and podman.io where you will find news, announcements, and more around the respective projects.

    To start it up, check out the new Blogs and Releases sections on the site.

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/page/3.html b/blogs/page/3.html index 402232463..568775868 100644 --- a/blogs/page/3.html +++ b/blogs/page/3.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ Skopeo container tools to produce an image that supports multiple architectures under a single "name".

    - + \ No newline at end of file diff --git a/blogs/page/4.html b/blogs/page/4.html index a136df5fc..d7dad69fa 100644 --- a/blogs/page/4.html +++ b/blogs/page/4.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/page/5.html b/blogs/page/5.html index 1506a203f..5f774d7e9 100644 --- a/blogs/page/5.html +++ b/blogs/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/page/6.html b/blogs/page/6.html index b29f84760..efb7232d1 100644 --- a/blogs/page/6.html +++ b/blogs/page/6.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/page/7.html b/blogs/page/7.html index ce9832c63..95548333e 100644 --- a/blogs/page/7.html +++ b/blogs/page/7.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/page/8.html b/blogs/page/8.html index 4641479e0..e41a4ea64 100644 --- a/blogs/page/8.html +++ b/blogs/page/8.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/page/9.html b/blogs/page/9.html index 277214dab..66ac67829 100644 --- a/blogs/page/9.html +++ b/blogs/page/9.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags.html b/blogs/tags.html index 471d9a24d..b5079f797 100644 --- a/blogs/tags.html +++ b/blogs/tags.html @@ -12,13 +12,13 @@ - +

    Tags

    - + \ No newline at end of file diff --git a/blogs/tags/aardvark-dns.html b/blogs/tags/aardvark-dns.html index 75e1aaeab..c919a1002 100644 --- a/blogs/tags/aardvark-dns.html +++ b/blogs/tags/aardvark-dns.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "aardvark-dns"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/aardvark.html b/blogs/tags/aardvark.html index ee3b4e263..0a15fef55 100644 --- a/blogs/tags/aardvark.html +++ b/blogs/tags/aardvark.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "aardvark"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/api.html b/blogs/tags/api.html index 20d7775d5..1da3ed71b 100644 --- a/blogs/tags/api.html +++ b/blogs/tags/api.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/2.html b/blogs/tags/api/page/2.html index 36fd8ff6c..aca163472 100644 --- a/blogs/tags/api/page/2.html +++ b/blogs/tags/api/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/3.html b/blogs/tags/api/page/3.html index 7d19aad6d..56f83da6b 100644 --- a/blogs/tags/api/page/3.html +++ b/blogs/tags/api/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/4.html b/blogs/tags/api/page/4.html index cbe4ecb7f..3fa33451d 100644 --- a/blogs/tags/api/page/4.html +++ b/blogs/tags/api/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/5.html b/blogs/tags/api/page/5.html index c4f704b9a..6842133d8 100644 --- a/blogs/tags/api/page/5.html +++ b/blogs/tags/api/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/6.html b/blogs/tags/api/page/6.html index 0da15b0da..d6a3f58c0 100644 --- a/blogs/tags/api/page/6.html +++ b/blogs/tags/api/page/6.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/7.html b/blogs/tags/api/page/7.html index 7f63c45bc..ab3dad24c 100644 --- a/blogs/tags/api/page/7.html +++ b/blogs/tags/api/page/7.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ direct route to a production ready application. More details from Lokesh Mandvekar and Parker Van Roy in this post.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/8.html b/blogs/tags/api/page/8.html index 9f3a01cc9..c57ff04eb 100644 --- a/blogs/tags/api/page/8.html +++ b/blogs/tags/api/page/8.html @@ -12,14 +12,14 @@ - +

    83 posts tagged with "api"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/api/page/9.html b/blogs/tags/api/page/9.html index d5a00f166..6786da56c 100644 --- a/blogs/tags/api/page/9.html +++ b/blogs/tags/api/page/9.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/automation.html b/blogs/tags/automation.html index d3b71379c..584d054f8 100644 --- a/blogs/tags/automation.html +++ b/blogs/tags/automation.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/bindings.html b/blogs/tags/bindings.html index 7f8387b6c..c4989aa3b 100644 --- a/blogs/tags/bindings.html +++ b/blogs/tags/bindings.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/bioinformatics.html b/blogs/tags/bioinformatics.html index 126ff1763..a40b03227 100644 --- a/blogs/tags/bioinformatics.html +++ b/blogs/tags/bioinformatics.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "bioinformatics"

    View All Tags

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    - + \ No newline at end of file diff --git a/blogs/tags/boot-2-podman.html b/blogs/tags/boot-2-podman.html index eb4ba1eab..2846e3af3 100644 --- a/blogs/tags/boot-2-podman.html +++ b/blogs/tags/boot-2-podman.html @@ -12,13 +12,13 @@ - +

    One post tagged with "boot2podman"

    View All Tags

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/tags/bpf.html b/blogs/tags/bpf.html index 84f290533..8f8a9df85 100644 --- a/blogs/tags/bpf.html +++ b/blogs/tags/bpf.html @@ -12,13 +12,13 @@ - +

    One post tagged with "bpf"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah.html b/blogs/tags/buildah.html index ef9cc36f8..35a3c9a4b 100644 --- a/blogs/tags/buildah.html +++ b/blogs/tags/buildah.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/2.html b/blogs/tags/buildah/page/2.html index 3ede9fa31..882f60deb 100644 --- a/blogs/tags/buildah/page/2.html +++ b/blogs/tags/buildah/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/3.html b/blogs/tags/buildah/page/3.html index 53d26dda1..871d9a8db 100644 --- a/blogs/tags/buildah/page/3.html +++ b/blogs/tags/buildah/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/4.html b/blogs/tags/buildah/page/4.html index acf3a5c8b..6fca41adf 100644 --- a/blogs/tags/buildah/page/4.html +++ b/blogs/tags/buildah/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/buildah/page/5.html b/blogs/tags/buildah/page/5.html index 25dff6009..4f10eca97 100644 --- a/blogs/tags/buildah/page/5.html +++ b/blogs/tags/buildah/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "buildah"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/centos.html b/blogs/tags/centos.html index 3f24dbdd5..ef4e96a60 100644 --- a/blogs/tags/centos.html +++ b/blogs/tags/centos.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/ci.html b/blogs/tags/ci.html index d260a6733..5b411f5a0 100644 --- a/blogs/tags/ci.html +++ b/blogs/tags/ci.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/cloud.html b/blogs/tags/cloud.html index 87d48a237..578b7ea8f 100644 --- a/blogs/tags/cloud.html +++ b/blogs/tags/cloud.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/community.html b/blogs/tags/community.html index c5863aaea..9a853200d 100644 --- a/blogs/tags/community.html +++ b/blogs/tags/community.html @@ -12,13 +12,13 @@ - +

    One post tagged with "community"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/compose.html b/blogs/tags/compose.html index 5de364cff..b27c2fcbf 100644 --- a/blogs/tags/compose.html +++ b/blogs/tags/compose.html @@ -12,13 +12,13 @@ - +

    6 posts tagged with "compose"

    View All Tags

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/containers.html b/blogs/tags/containers.html index 869a82e80..44c079369 100644 --- a/blogs/tags/containers.html +++ b/blogs/tags/containers.html @@ -12,7 +12,7 @@ - + @@ -44,7 +44,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/10.html b/blogs/tags/containers/page/10.html index 8da6bd28e..5df3d2e74 100644 --- a/blogs/tags/containers/page/10.html +++ b/blogs/tags/containers/page/10.html @@ -12,13 +12,13 @@ - +

    178 posts tagged with "containers"

    View All Tags

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/11.html b/blogs/tags/containers/page/11.html index 406f908e1..3cdd7c436 100644 --- a/blogs/tags/containers/page/11.html +++ b/blogs/tags/containers/page/11.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/12.html b/blogs/tags/containers/page/12.html index fa1ca4416..e423bb179 100644 --- a/blogs/tags/containers/page/12.html +++ b/blogs/tags/containers/page/12.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/13.html b/blogs/tags/containers/page/13.html index d380cdf77..f114a3026 100644 --- a/blogs/tags/containers/page/13.html +++ b/blogs/tags/containers/page/13.html @@ -12,13 +12,13 @@ - +

    178 posts tagged with "containers"

    View All Tags

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/14.html b/blogs/tags/containers/page/14.html index 4d48e3adb..73291a297 100644 --- a/blogs/tags/containers/page/14.html +++ b/blogs/tags/containers/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/15.html b/blogs/tags/containers/page/15.html index c95667221..e74f41621 100644 --- a/blogs/tags/containers/page/15.html +++ b/blogs/tags/containers/page/15.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/16.html b/blogs/tags/containers/page/16.html index 509e3fdb4..6f3f934e6 100644 --- a/blogs/tags/containers/page/16.html +++ b/blogs/tags/containers/page/16.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/17.html b/blogs/tags/containers/page/17.html index 6d6c348a4..1f78e1ba5 100644 --- a/blogs/tags/containers/page/17.html +++ b/blogs/tags/containers/page/17.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ checkpoint/restore it is now possible to resume a container after a reboot at exactly the same point in time it was checkpointed.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/18.html b/blogs/tags/containers/page/18.html index 6276ec4f3..9087271b9 100644 --- a/blogs/tags/containers/page/18.html +++ b/blogs/tags/containers/page/18.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/2.html b/blogs/tags/containers/page/2.html index f9be580fa..3bce6e7f2 100644 --- a/blogs/tags/containers/page/2.html +++ b/blogs/tags/containers/page/2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/3.html b/blogs/tags/containers/page/3.html index 99027b293..f9a738217 100644 --- a/blogs/tags/containers/page/3.html +++ b/blogs/tags/containers/page/3.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/4.html b/blogs/tags/containers/page/4.html index 8d4ff9c5e..c9ca5d13c 100644 --- a/blogs/tags/containers/page/4.html +++ b/blogs/tags/containers/page/4.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/5.html b/blogs/tags/containers/page/5.html index e84467a81..a075f5288 100644 --- a/blogs/tags/containers/page/5.html +++ b/blogs/tags/containers/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/6.html b/blogs/tags/containers/page/6.html index d107767a8..28adda2ef 100644 --- a/blogs/tags/containers/page/6.html +++ b/blogs/tags/containers/page/6.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ job of walking through setting up the demo and running it.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/7.html b/blogs/tags/containers/page/7.html index 0663fa3e8..285201f32 100644 --- a/blogs/tags/containers/page/7.html +++ b/blogs/tags/containers/page/7.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/8.html b/blogs/tags/containers/page/8.html index 4155e8c37..fe139eb8b 100644 --- a/blogs/tags/containers/page/8.html +++ b/blogs/tags/containers/page/8.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    178 posts tagged with "containers"

    View All Tags

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/tags/containers/page/9.html b/blogs/tags/containers/page/9.html index 811b7e98a..858445d60 100644 --- a/blogs/tags/containers/page/9.html +++ b/blogs/tags/containers/page/9.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/cri-o.html b/blogs/tags/cri-o.html index 010e5d303..934549921 100644 --- a/blogs/tags/cri-o.html +++ b/blogs/tags/cri-o.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/crun.html b/blogs/tags/crun.html index 716022980..51195c595 100644 --- a/blogs/tags/crun.html +++ b/blogs/tags/crun.html @@ -12,13 +12,13 @@ - +

    One post tagged with "crun"

    View All Tags

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    - + \ No newline at end of file diff --git a/blogs/tags/debian.html b/blogs/tags/debian.html index 1f438ea02..0d115fa75 100644 --- a/blogs/tags/debian.html +++ b/blogs/tags/debian.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/dependency-management.html b/blogs/tags/dependency-management.html index 1c08a406f..e5fdcbcd9 100644 --- a/blogs/tags/dependency-management.html +++ b/blogs/tags/dependency-management.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "dependency-management"

    View All Tags

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/tags/distro.html b/blogs/tags/distro.html index 052d9e56e..c51145b93 100644 --- a/blogs/tags/distro.html +++ b/blogs/tags/distro.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/docker-compose.html b/blogs/tags/docker-compose.html index 7bd1a92f6..57a312151 100644 --- a/blogs/tags/docker-compose.html +++ b/blogs/tags/docker-compose.html @@ -12,14 +12,14 @@ - +

    16 posts tagged with "docker compose"

    View All Tags

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/docker-compose/page/2.html b/blogs/tags/docker-compose/page/2.html index 339660165..ac49236e8 100644 --- a/blogs/tags/docker-compose/page/2.html +++ b/blogs/tags/docker-compose/page/2.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/docker.html b/blogs/tags/docker.html index 7b10b9713..ae054474f 100644 --- a/blogs/tags/docker.html +++ b/blogs/tags/docker.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/2.html b/blogs/tags/docker/page/2.html index a279005d5..20de2fb71 100644 --- a/blogs/tags/docker/page/2.html +++ b/blogs/tags/docker/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/3.html b/blogs/tags/docker/page/3.html index 7d646d314..859ff3d5b 100644 --- a/blogs/tags/docker/page/3.html +++ b/blogs/tags/docker/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/4.html b/blogs/tags/docker/page/4.html index df3796c8f..52f6cae7e 100644 --- a/blogs/tags/docker/page/4.html +++ b/blogs/tags/docker/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/docker/page/5.html b/blogs/tags/docker/page/5.html index 432f15f5e..ebb49d571 100644 --- a/blogs/tags/docker/page/5.html +++ b/blogs/tags/docker/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "docker"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/ebpf.html b/blogs/tags/ebpf.html index 6a694e1ef..280813098 100644 --- a/blogs/tags/ebpf.html +++ b/blogs/tags/ebpf.html @@ -12,13 +12,13 @@ - +

    One post tagged with "ebpf"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/git-lab.html b/blogs/tags/git-lab.html index 28ae427aa..7da999425 100644 --- a/blogs/tags/git-lab.html +++ b/blogs/tags/git-lab.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "GitLab"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/github.html b/blogs/tags/github.html index 005d2b2cd..53f99789c 100644 --- a/blogs/tags/github.html +++ b/blogs/tags/github.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "github"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/github/page/2.html b/blogs/tags/github/page/2.html index f82d37c44..43c026995 100644 --- a/blogs/tags/github/page/2.html +++ b/blogs/tags/github/page/2.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "github"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/go.html b/blogs/tags/go.html index b2500c0a5..dd90ff80a 100644 --- a/blogs/tags/go.html +++ b/blogs/tags/go.html @@ -12,7 +12,7 @@ - + @@ -37,7 +37,7 @@ at how easily that can be accomplished.

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/golang.html b/blogs/tags/golang.html index 9c42dbd77..46574f97f 100644 --- a/blogs/tags/golang.html +++ b/blogs/tags/golang.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "golang"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/gpg.html b/blogs/tags/gpg.html index ce03a7482..ef3a15356 100644 --- a/blogs/tags/gpg.html +++ b/blogs/tags/gpg.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc.html b/blogs/tags/hpc.html index 08c5fbad5..db778314a 100644 --- a/blogs/tags/hpc.html +++ b/blogs/tags/hpc.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/10.html b/blogs/tags/hpc/page/10.html index 2cd9db82c..7d3916213 100644 --- a/blogs/tags/hpc/page/10.html +++ b/blogs/tags/hpc/page/10.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ home directory.

    · 5 min read

    podman logo

    Podman in HPC environments

    By Adrian Reber GitHub

    A High-Performance Computing (HPC) environment can mean a lot of things, but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/2.html b/blogs/tags/hpc/page/2.html index 32620dc43..fd44a9437 100644 --- a/blogs/tags/hpc/page/2.html +++ b/blogs/tags/hpc/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/3.html b/blogs/tags/hpc/page/3.html index 86cc1a2b2..77a0195db 100644 --- a/blogs/tags/hpc/page/3.html +++ b/blogs/tags/hpc/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/4.html b/blogs/tags/hpc/page/4.html index 9cb309ad8..735b8db90 100644 --- a/blogs/tags/hpc/page/4.html +++ b/blogs/tags/hpc/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/5.html b/blogs/tags/hpc/page/5.html index 665d1f86d..ab92e4b71 100644 --- a/blogs/tags/hpc/page/5.html +++ b/blogs/tags/hpc/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/6.html b/blogs/tags/hpc/page/6.html index b6756533b..ff0c89ab9 100644 --- a/blogs/tags/hpc/page/6.html +++ b/blogs/tags/hpc/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    93 posts tagged with "hpc"

    View All Tags

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/7.html b/blogs/tags/hpc/page/7.html index a5d0d664f..b42c03366 100644 --- a/blogs/tags/hpc/page/7.html +++ b/blogs/tags/hpc/page/7.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/8.html b/blogs/tags/hpc/page/8.html index f6c2d4d56..20e125758 100644 --- a/blogs/tags/hpc/page/8.html +++ b/blogs/tags/hpc/page/8.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/hpc/page/9.html b/blogs/tags/hpc/page/9.html index 19541a15a..9d836a5a3 100644 --- a/blogs/tags/hpc/page/9.html +++ b/blogs/tags/hpc/page/9.html @@ -12,13 +12,13 @@ - +

    93 posts tagged with "hpc"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/tags/images.html b/blogs/tags/images.html index 341ca28bf..e5bb639ec 100644 --- a/blogs/tags/images.html +++ b/blogs/tags/images.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/2.html b/blogs/tags/images/page/2.html index cbd7cb447..c31784792 100644 --- a/blogs/tags/images/page/2.html +++ b/blogs/tags/images/page/2.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "images"

    View All Tags

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/3.html b/blogs/tags/images/page/3.html index c9f6ab6a6..e4d519b61 100644 --- a/blogs/tags/images/page/3.html +++ b/blogs/tags/images/page/3.html @@ -12,13 +12,13 @@ - +

    47 posts tagged with "images"

    View All Tags

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/4.html b/blogs/tags/images/page/4.html index 188a73bac..dc9f775ba 100644 --- a/blogs/tags/images/page/4.html +++ b/blogs/tags/images/page/4.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/images/page/5.html b/blogs/tags/images/page/5.html index 0576d8c8a..97d75c61f 100644 --- a/blogs/tags/images/page/5.html +++ b/blogs/tags/images/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    47 posts tagged with "images"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/kube.html b/blogs/tags/kube.html index af7ed5e13..234583901 100644 --- a/blogs/tags/kube.html +++ b/blogs/tags/kube.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/2.html b/blogs/tags/kube/page/2.html index 3d6aafa88..bce83cd78 100644 --- a/blogs/tags/kube/page/2.html +++ b/blogs/tags/kube/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/3.html b/blogs/tags/kube/page/3.html index b5e735ff6..73ede3b01 100644 --- a/blogs/tags/kube/page/3.html +++ b/blogs/tags/kube/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/4.html b/blogs/tags/kube/page/4.html index a3426168c..4fe8ca3fb 100644 --- a/blogs/tags/kube/page/4.html +++ b/blogs/tags/kube/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/5.html b/blogs/tags/kube/page/5.html index aa564d58b..7e2a6e152 100644 --- a/blogs/tags/kube/page/5.html +++ b/blogs/tags/kube/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/6.html b/blogs/tags/kube/page/6.html index af6bc456b..881ec788c 100644 --- a/blogs/tags/kube/page/6.html +++ b/blogs/tags/kube/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    61 posts tagged with "kube"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kube/page/7.html b/blogs/tags/kube/page/7.html index 6685fee99..989ce0d78 100644 --- a/blogs/tags/kube/page/7.html +++ b/blogs/tags/kube/page/7.html @@ -12,13 +12,13 @@ - +

    61 posts tagged with "kube"

    View All Tags

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes.html b/blogs/tags/kubernetes.html index 4f1b0b43a..8df069e22 100644 --- a/blogs/tags/kubernetes.html +++ b/blogs/tags/kubernetes.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/2.html b/blogs/tags/kubernetes/page/2.html index c1f99c0b5..f23c42ccd 100644 --- a/blogs/tags/kubernetes/page/2.html +++ b/blogs/tags/kubernetes/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/3.html b/blogs/tags/kubernetes/page/3.html index 0c50b389c..ff88d8b28 100644 --- a/blogs/tags/kubernetes/page/3.html +++ b/blogs/tags/kubernetes/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/4.html b/blogs/tags/kubernetes/page/4.html index ba0d4782d..9e6bfa81e 100644 --- a/blogs/tags/kubernetes/page/4.html +++ b/blogs/tags/kubernetes/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/5.html b/blogs/tags/kubernetes/page/5.html index 3f20602a9..56f5009ea 100644 --- a/blogs/tags/kubernetes/page/5.html +++ b/blogs/tags/kubernetes/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/6.html b/blogs/tags/kubernetes/page/6.html index a0123d9f7..89bcdf9db 100644 --- a/blogs/tags/kubernetes/page/6.html +++ b/blogs/tags/kubernetes/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    62 posts tagged with "kubernetes"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/kubernetes/page/7.html b/blogs/tags/kubernetes/page/7.html index 0d777ebfa..73ed8eed6 100644 --- a/blogs/tags/kubernetes/page/7.html +++ b/blogs/tags/kubernetes/page/7.html @@ -12,13 +12,13 @@ - +

    62 posts tagged with "kubernetes"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    - + \ No newline at end of file diff --git a/blogs/tags/kubic.html b/blogs/tags/kubic.html index 4e9d80abd..0fefac074 100644 --- a/blogs/tags/kubic.html +++ b/blogs/tags/kubic.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ the default repos, thanks to the amazing work of Reinhard Tartler and team.

    The package versions available currently are: Podman 3.4, Buildah 1.23 and Skopeo 1.4.

    There won't be any further updates to the Kubic repos as far as Podman, Buildah and Skopeo are concerned, so users are recommended to use the default repos on 22.04 LTS.

    If you're currently using packages from the Kubic repos, it’s highly recommended to uninstall the Kubic packages prior to upgrading to 22.04 LTS.

    - + \ No newline at end of file diff --git a/blogs/tags/linux.html b/blogs/tags/linux.html index f6df04c81..b3a2be245 100644 --- a/blogs/tags/linux.html +++ b/blogs/tags/linux.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/mac-os.html b/blogs/tags/mac-os.html index 895462b73..82f016870 100644 --- a/blogs/tags/mac-os.html +++ b/blogs/tags/mac-os.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ deliver is the ability to mount volumes from MacOS into the virtual machine. We decided to backport some code to make it available to users more quickly. As such, it is possible if not likely that there will be more changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    - + \ No newline at end of file diff --git a/blogs/tags/mac.html b/blogs/tags/mac.html index bb6f1c89c..331ebca2d 100644 --- a/blogs/tags/mac.html +++ b/blogs/tags/mac.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/2.html b/blogs/tags/mac/page/2.html index d7e9d03b5..52aa695e0 100644 --- a/blogs/tags/mac/page/2.html +++ b/blogs/tags/mac/page/2.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/3.html b/blogs/tags/mac/page/3.html index efab3c8a0..7e74b395f 100644 --- a/blogs/tags/mac/page/3.html +++ b/blogs/tags/mac/page/3.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    From Docker Compose to Kubernetes with Podman

    By Brent Baude GitHub

    If you want to know how to use Podman v3.0 to convert Docker Compose YAML to a format that Podman recognizes, Brent Baude explains the "how to" in a recent blog post on the Red Hat Enable Sysadmin site, From Docker Compose to Kubernetes with Podman. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/4.html b/blogs/tags/mac/page/4.html index e1b83024f..2744d16c5 100644 --- a/blogs/tags/mac/page/4.html +++ b/blogs/tags/mac/page/4.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ opensourcers.org which talks about the basics of containers, how digests and manifests come into play, working with and creating multi-architecture images and more! It is a really nice discussion of all the pieces and parts of a container image for someone new to the technology right through people who are a lot more experienced, but might not know every nook and cranny.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/5.html b/blogs/tags/mac/page/5.html index 7be155189..f7b230681 100644 --- a/blogs/tags/mac/page/5.html +++ b/blogs/tags/mac/page/5.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/tags/mac/page/6.html b/blogs/tags/mac/page/6.html index 145115d1b..5539f5a5e 100644 --- a/blogs/tags/mac/page/6.html +++ b/blogs/tags/mac/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    56 posts tagged with "mac"

    View All Tags

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/microsoft.html b/blogs/tags/microsoft.html index c54f1bc31..51a37deaf 100644 --- a/blogs/tags/microsoft.html +++ b/blogs/tags/microsoft.html @@ -12,13 +12,13 @@ - +

    6 posts tagged with "microsoft"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/multiarch.html b/blogs/tags/multiarch.html index 05c8aec3d..3636678f7 100644 --- a/blogs/tags/multiarch.html +++ b/blogs/tags/multiarch.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/tags/netavark.html b/blogs/tags/netavark.html index 6d22af9ca..ea090a527 100644 --- a/blogs/tags/netavark.html +++ b/blogs/tags/netavark.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "netavark"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/network.html b/blogs/tags/network.html index 2c21084f1..5594e0f6b 100644 --- a/blogs/tags/network.html +++ b/blogs/tags/network.html @@ -12,13 +12,13 @@ - +

    3 posts tagged with "network"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/networking.html b/blogs/tags/networking.html index 0998e3539..307c37b92 100644 --- a/blogs/tags/networking.html +++ b/blogs/tags/networking.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/10.html b/blogs/tags/networking/page/10.html index ed9d9ce1f..8816db0fb 100644 --- a/blogs/tags/networking/page/10.html +++ b/blogs/tags/networking/page/10.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/2.html b/blogs/tags/networking/page/2.html index f668142cf..f638ba1ba 100644 --- a/blogs/tags/networking/page/2.html +++ b/blogs/tags/networking/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/3.html b/blogs/tags/networking/page/3.html index de4835038..5ced31652 100644 --- a/blogs/tags/networking/page/3.html +++ b/blogs/tags/networking/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/4.html b/blogs/tags/networking/page/4.html index 68544ede6..dfb4bfdd9 100644 --- a/blogs/tags/networking/page/4.html +++ b/blogs/tags/networking/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/5.html b/blogs/tags/networking/page/5.html index 9055e799f..a70e6cfb9 100644 --- a/blogs/tags/networking/page/5.html +++ b/blogs/tags/networking/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/6.html b/blogs/tags/networking/page/6.html index 97578b826..4f507a16e 100644 --- a/blogs/tags/networking/page/6.html +++ b/blogs/tags/networking/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/7.html b/blogs/tags/networking/page/7.html index f240488af..892f36716 100644 --- a/blogs/tags/networking/page/7.html +++ b/blogs/tags/networking/page/7.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/8.html b/blogs/tags/networking/page/8.html index c6e43cd63..1e7794e79 100644 --- a/blogs/tags/networking/page/8.html +++ b/blogs/tags/networking/page/8.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/networking/page/9.html b/blogs/tags/networking/page/9.html index 2bb57466b..3aacb530f 100644 --- a/blogs/tags/networking/page/9.html +++ b/blogs/tags/networking/page/9.html @@ -12,13 +12,13 @@ - +

    92 posts tagged with "networking"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    - + \ No newline at end of file diff --git a/blogs/tags/nfs.html b/blogs/tags/nfs.html index 4532861e4..2deb12457 100644 --- a/blogs/tags/nfs.html +++ b/blogs/tags/nfs.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    - + \ No newline at end of file diff --git a/blogs/tags/oci.html b/blogs/tags/oci.html index 9f3ff2c1e..e3eed206a 100644 --- a/blogs/tags/oci.html +++ b/blogs/tags/oci.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/2.html b/blogs/tags/oci/page/2.html index 97298eb5d..e1125efa4 100644 --- a/blogs/tags/oci/page/2.html +++ b/blogs/tags/oci/page/2.html @@ -12,13 +12,13 @@ - +

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/3.html b/blogs/tags/oci/page/3.html index 3d69e223f..85e48f540 100644 --- a/blogs/tags/oci/page/3.html +++ b/blogs/tags/oci/page/3.html @@ -12,13 +12,13 @@ - +

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · One min read

    podman logo

    The current adoption status of cgroup v2 in containers

    By Tom Sweeney GitHub

    In case you missed Akihiro Suda's post on Medium.com, The current adoption status of cgroup v2 in containers, here's a quick link to it. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change.

    · One min read

    podman logo

    PMM Server + podman: Running a Container Without root Privileges

    By Tom Sweeney GitHub

    Ceri Williams talks about how the Percona Monitoring and Management (PMM) can be run in a container using Podman without root privileges here. In the post Ceri talks about how Percona was able to replace Docker with Podman and Buildah and are able to run containers more securely by doing so.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/4.html b/blogs/tags/oci/page/4.html index 4fa83df69..ea6790866 100644 --- a/blogs/tags/oci/page/4.html +++ b/blogs/tags/oci/page/4.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    - + \ No newline at end of file diff --git a/blogs/tags/oci/page/5.html b/blogs/tags/oci/page/5.html index dfe978a17..fac6a32c9 100644 --- a/blogs/tags/oci/page/5.html +++ b/blogs/tags/oci/page/5.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    49 posts tagged with "oci"

    View All Tags

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    · 5 min read

    podman logo buildah logo

    Buildah and Podman Relationship

    By Tom Sweeney GitHub

    Kubernetes installations can be complex with multiple runtime dependencies and runtime engines. CRI-O was created to provide a lightweight runtime for Kubernetes which adds an abstraction layer between the cluster and the runtime that allows for various OCI runtime technologies. However you still have the problem of daemon dependencies in your cluster for builds - I.e. if you are using the cluster for builds you still need a Docker daemon.

    Enter Buildah. Buildah allows you to have a Kubernetes cluster without any Docker daemon for both runtime and builds. Excellent. But what if things go wrong? What if you want to do troubleshooting or debugging of containers in your cluster? Buildah isn’t really built for that, what you need is a client tool for working with containers and the one that comes to mind is Docker CLI - but then you’re back to using the daemon.

    This is where Podman steps in. Podman allows you to do all of the Docker commands without the daemon dependency. With Podman you can run, build (it calls Buildah under the covers for this), modify and troubleshoot containers in your Kubernetes cluster. With the two projects together, you have a well rounded solution for your OCI container image and container needs.

    - + \ No newline at end of file diff --git a/blogs/tags/open-source.html b/blogs/tags/open-source.html index 39792f196..38cfe285b 100644 --- a/blogs/tags/open-source.html +++ b/blogs/tags/open-source.html @@ -12,13 +12,13 @@ - +

    One post tagged with "open source"

    View All Tags

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/openstack.html b/blogs/tags/openstack.html index e768aa78c..19d7e2d07 100644 --- a/blogs/tags/openstack.html +++ b/blogs/tags/openstack.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ from Docker to Podman containers.

    Read More

    - + \ No newline at end of file diff --git a/blogs/tags/pod.html b/blogs/tags/pod.html index 4204f18fd..33b00cbc0 100644 --- a/blogs/tags/pod.html +++ b/blogs/tags/pod.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/2.html b/blogs/tags/pod/page/2.html index 3e273bfb9..69980b9e1 100644 --- a/blogs/tags/pod/page/2.html +++ b/blogs/tags/pod/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/3.html b/blogs/tags/pod/page/3.html index 319971dfb..ad97bd6cd 100644 --- a/blogs/tags/pod/page/3.html +++ b/blogs/tags/pod/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/4.html b/blogs/tags/pod/page/4.html index 5570d4e6b..c449138b1 100644 --- a/blogs/tags/pod/page/4.html +++ b/blogs/tags/pod/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/5.html b/blogs/tags/pod/page/5.html index 50392d428..9600e2a00 100644 --- a/blogs/tags/pod/page/5.html +++ b/blogs/tags/pod/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/6.html b/blogs/tags/pod/page/6.html index 30c8151cf..d5430e92b 100644 --- a/blogs/tags/pod/page/6.html +++ b/blogs/tags/pod/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    82 posts tagged with "pod"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/7.html b/blogs/tags/pod/page/7.html index c1221fb7c..4dec8e741 100644 --- a/blogs/tags/pod/page/7.html +++ b/blogs/tags/pod/page/7.html @@ -12,13 +12,13 @@ - +

    82 posts tagged with "pod"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/8.html b/blogs/tags/pod/page/8.html index 47a77ce20..27feb9912 100644 --- a/blogs/tags/pod/page/8.html +++ b/blogs/tags/pod/page/8.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/pod/page/9.html b/blogs/tags/pod/page/9.html index 708cbe35b..395965737 100644 --- a/blogs/tags/pod/page/9.html +++ b/blogs/tags/pod/page/9.html @@ -12,13 +12,13 @@ - +

    82 posts tagged with "pod"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/podman-machine.html b/blogs/tags/podman-machine.html index 32141ea4b..e4703512f 100644 --- a/blogs/tags/podman-machine.html +++ b/blogs/tags/podman-machine.html @@ -12,13 +12,13 @@ - +

    One post tagged with "podman+machine"

    View All Tags

    · 3 min read

    boot2podman logo

    Podman Machine and Boot2podman

    By Anders F Björklund GitHub

    Update: September 9, 2021 - Tom Sweeney

    This post initially discussed the boot2podman/machine project, which Anders has since deprecated. Starting with Podman v3.3, the podman machine command now does that same function and is part of the Podman project. Please see Brent Baude's update or the podman machine man page on docs.podman.io for more information on how to run Podman machine. The podman-machine command has been deprecated.

    In addition, the Podman team is investigating the possibility of creating Podman Desktop. Please see the issue on GitHub, and please add your comments or thoughts to that issue.

    More updates are coming, and please keep your eye on the Podman Mailing List and podman.io for further information and developments.

    Finally, a very big thank you to Anders for his many contributions to Podman, particularly for his work in getting Podman to work smoothly on macOS.

    Original Post

    By using podman-machine and indirectly boot2podman, it is easy to get started with podman even if your local host does not support it...

    It will start a virtual machine, with everything to run containers. This includes podman and buildah, and remote access over varlink.

    - + \ No newline at end of file diff --git a/blogs/tags/podman.html b/blogs/tags/podman.html index f1b442ba2..3572f3845 100644 --- a/blogs/tags/podman.html +++ b/blogs/tags/podman.html @@ -12,7 +12,7 @@ - + @@ -44,7 +44,7 @@ macvlan without a gateway address. New packages for Fedora 36 and the Podman4 COPR are being built and should be available shortly.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/10.html b/blogs/tags/podman/page/10.html index 0c66f7875..fdcdb77fd 100644 --- a/blogs/tags/podman/page/10.html +++ b/blogs/tags/podman/page/10.html @@ -12,13 +12,13 @@ - +

    181 posts tagged with "podman"

    View All Tags

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/11.html b/blogs/tags/podman/page/11.html index c19f7984a..924cc64bb 100644 --- a/blogs/tags/podman/page/11.html +++ b/blogs/tags/podman/page/11.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/12.html b/blogs/tags/podman/page/12.html index 6352da0d6..cbcb7facd 100644 --- a/blogs/tags/podman/page/12.html +++ b/blogs/tags/podman/page/12.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/13.html b/blogs/tags/podman/page/13.html index 757ecf7ff..f417b2e28 100644 --- a/blogs/tags/podman/page/13.html +++ b/blogs/tags/podman/page/13.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    181 posts tagged with "podman"

    View All Tags

    · One min read

    podman logo

    Blog posts from the Web

    By Tom Sweeney GitHub

    Over the holiday break, a number of great posts were added to a number of sites that filled up my Twitter feed, so I thought I'd throw together a quick block with links to the highlights from the past month:

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Working with Linux containers on RHEL 8 with Podman, image builder and web console

    By Tom Sweeney GitHub

    Do you want to know how to setup RHEL 8 to run containers using Podman? Xuegang Jin has a blog post on the Red Hat Blog about this very subject, Working with Linux containers on RHEL 8 with Podman, image builder and web console. In the post Xuegang explains how you can use Image Builder to create an OS image, how to run containers with Podman, and how to check the host and containers performance using Web Console.

    · One min read

    podman logo

    Understanding root inside and outside a container

    By Tom Sweeney GitHub

    Do you run containers as root, or as a regular user? Scott McCarty has a blog post on the Red Hat Blog about this very subject, Understanding root inside and outside a container. In the post Scott walks you through what a rootless container does and how it can be a safer alternative to a container run by root.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/14.html b/blogs/tags/podman/page/14.html index ae2c217c8..984c69d14 100644 --- a/blogs/tags/podman/page/14.html +++ b/blogs/tags/podman/page/14.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ introduced how Podman can be used to run containers under the control of Open MPI. In this article I want to extend my HPC environment to use a shared NFS home directory.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/15.html b/blogs/tags/podman/page/15.html index e2ad4b638..7f092f3be 100644 --- a/blogs/tags/podman/page/15.html +++ b/blogs/tags/podman/page/15.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ but in this article I want to focus on running Message Passing Interface (MPI) parallelized programs with the help of Podman.

    · One min read

    podman logo

    Why can’t rootless Podman pull my image?

    By Matthew Heon GitHub

    Matthew Heon has a blog post on the Red Hat Enable Sysadmin site about Why can’t rootless Podman pull my image?. In the blog Matt discusses why restrictions on rootless containers can be inconvenient, but why they're necessary. In the blog Matt covers the use of user namespace and the allocations of uid and gid's that are required to make rootless containers work securely in your environment.

    · One min read

    podman logo

    Best practices for running Buildah in a container

    By Dan Walsh GitHub

    Dan Walsh has recently posted a blog on the Red Hat Developer Blog, Best practices for running Buildah in a container. The post walks you through the balancing act of running a container securely using while keeping an eye on performance. A big boost to the performance side of things is the concept of "Additional Stores". Dan walks you through the use of those in this blog and then wraps it all up with an on-line video at the end.

    · One min read

    podman logo

    Using the rootless containers Tech Preview in RHEL 8.0

    By Tom Sweeney GitHub

    Scott McCarty has a blog post on the Red Hat Blog about Using the rootless containers Tech Preview in RHEL 8.0. Podman rootless containers has hit Tech Preview for RHEL 8.0 and Scott walks you through the setup necessary for rootless containers. Small hint, it's a short post because it's just that easy.

    · One min read

    podman logo

    How templating works with Podman, Kubernetes, and Red Hat OpenShift

    By Tom Sweeney GitHub

    Olaph Wagner has put together a nice introduction on How templating works with Podman, Kubernetes, and Red Hat OpenShift on the IBM Developer blog site. If you want to find out how to use Podman to create images that helps Red Hat OpenShift to make templates on the IBM Cloud(TM), then this is the article for you!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/16.html b/blogs/tags/podman/page/16.html index 28eca732a..e16db8d87 100644 --- a/blogs/tags/podman/page/16.html +++ b/blogs/tags/podman/page/16.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    · One min read

    podman logo

    OnDemand Course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman

    By Tom Sweeney GitHub

    Red Hat has recently posted an OnDemand course: Container pipelines for sys admins—and anyone, really—with Buildah and Podman. The session teaches you how to integrate both Podman and Buildah into your continuous delivery (CI/CD) solutions and also serves as a good introduction to both tools. The cost can't be beat (free!), so if you're looking for a quick introduction into the tools, this is a good way to go.

    · 2 min read

    podman logo

    Podman Mailing List

    By Tom Sweeney GitHub

    We've received a number of requests for a mailing list for Podman and we're happy to announce that one has just been created! We've built a friendly community on IRC and GitHub and plan to continue that growth in this new mailing list. The maintainers of the project are all members of the list and we're happy to take any and all questions there about Podman. You can also just use the list as a way to track what's going on with Podman as release announcements and other important news will be posted there.

    · One min read

    podman logo

    Monitoring container vitality and availability with Podman

    By Brent Baude GitHub

    Who doesn't want a healthy container in their environment? Now with Podman you can setup healthchecks so you can check if your container and it's application is up and running as you'd expect. Brent Baude introduces the new functionality in this article on the Red Hat Developer Blog: Monitoring container vitality and availability with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/17.html b/blogs/tags/podman/page/17.html index 1ac2d4644..3b073ee3d 100644 --- a/blogs/tags/podman/page/17.html +++ b/blogs/tags/podman/page/17.html @@ -12,7 +12,7 @@ - + @@ -33,7 +33,7 @@ sometimes the user's environment will not allow them to install all the packages needed; or perhaps the user is intimidated by building from source; or perhaps the user would prefer the RPM package because it will make the upgrade process easier down the road.

    To solve this problem, I have created a series of container images for CentOS7, Fedora 28, and Fedora 29 that are capable of building a development Podman RPM and associated packages.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/18.html b/blogs/tags/podman/page/18.html index d8ebed959..08ba640f0 100644 --- a/blogs/tags/podman/page/18.html +++ b/blogs/tags/podman/page/18.html @@ -12,7 +12,7 @@ - + @@ -31,7 +31,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/19.html b/blogs/tags/podman/page/19.html index 1b39e2edd..7a38a3166 100644 --- a/blogs/tags/podman/page/19.html +++ b/blogs/tags/podman/page/19.html @@ -12,13 +12,13 @@ - +

    181 posts tagged with "podman"

    View All Tags

    · 6 min read

    podman logo

    Python3 support for Podman

    By Jhon Honce GitHub

    You’ve learned of Podman and all it’s coolness for running OCI-based containers, but you need a solution that is repeatable and scripted. Rather than just executing Podman commands, you want a stable API to call into and not need to screen scrape the output.

    We heard you and now provide a Python package, python3-podman. This package allows you to access the facilities of a Podman service with #nobigfatdaemons.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/2.html b/blogs/tags/podman/page/2.html index aba499b97..98f253bab 100644 --- a/blogs/tags/podman/page/2.html +++ b/blogs/tags/podman/page/2.html @@ -12,7 +12,7 @@ - + @@ -24,7 +24,7 @@ changes around volume mounts in subsequent Podman releases (i.e. default mounts, technology used to make the mount).

    · 2 min read

    podman logo

    Podman 4 is not in Fedora 35

    Podman 4 will not officially ship in Fedora 35 because it has breaking changes from Podman 3. Fedora has well-founded policies that forbid updating a package in a Fedora release, like 35, that has breaking changes. This is true for most Linux distributions that are dependent on release versions.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/3.html b/blogs/tags/podman/page/3.html index 9f459dbb3..c3f1e0309 100644 --- a/blogs/tags/podman/page/3.html +++ b/blogs/tags/podman/page/3.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/4.html b/blogs/tags/podman/page/4.html index dca411191..376d75cb2 100644 --- a/blogs/tags/podman/page/4.html +++ b/blogs/tags/podman/page/4.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/5.html b/blogs/tags/podman/page/5.html index 0ebd46aad..d076d3e2c 100644 --- a/blogs/tags/podman/page/5.html +++ b/blogs/tags/podman/page/5.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/6.html b/blogs/tags/podman/page/6.html index 0f7035a35..25297f7f2 100644 --- a/blogs/tags/podman/page/6.html +++ b/blogs/tags/podman/page/6.html @@ -12,7 +12,7 @@ - + @@ -34,7 +34,7 @@ job of walking through setting up the demo and running it.

    · 3 min read

    podman logo

    Using Podman and systemd to manage container lifecycle

    By Ed Haynes GitHub

    My background is in industrial automation, and in most cases, the edge devices in the factory are too underpowered to run Kubernetes as a method to manage the lifecycle of containers. The workloads have a very long lifecycle, and generally are "tied" to the edge device. There is a lot of value in containerizing applications on these edge devices, however, as it decouples the application dependencies from the OS and provides a level of isolation between applications. This demo will show how using Podman in conjunction with systemd provides an elegant solution for this sort of use case. In addition, this will be done as a "rootless" user - a key benefit of Podman that helps keep the device secure.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/7.html b/blogs/tags/podman/page/7.html index 204ac1a0b..c037ed7a5 100644 --- a/blogs/tags/podman/page/7.html +++ b/blogs/tags/podman/page/7.html @@ -12,7 +12,7 @@ - + @@ -27,7 +27,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/8.html b/blogs/tags/podman/page/8.html index 7e3456e34..2f6ddd0ea 100644 --- a/blogs/tags/podman/page/8.html +++ b/blogs/tags/podman/page/8.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    181 posts tagged with "podman"

    View All Tags

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    - + \ No newline at end of file diff --git a/blogs/tags/podman/page/9.html b/blogs/tags/podman/page/9.html index 7120024fb..3d0a48c60 100644 --- a/blogs/tags/podman/page/9.html +++ b/blogs/tags/podman/page/9.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    - + \ No newline at end of file diff --git a/blogs/tags/python.html b/blogs/tags/python.html index e0e70359f..704289577 100644 --- a/blogs/tags/python.html +++ b/blogs/tags/python.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "python"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/rails.html b/blogs/tags/rails.html index decbc7625..46a872bfb 100644 --- a/blogs/tags/rails.html +++ b/blogs/tags/rails.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rename.html b/blogs/tags/rename.html index fd18209b2..7c8484624 100644 --- a/blogs/tags/rename.html +++ b/blogs/tags/rename.html @@ -12,13 +12,13 @@ - +

    9 posts tagged with "rename"

    View All Tags

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api.html b/blogs/tags/rest-api.html index f73066148..08d29d6b9 100644 --- a/blogs/tags/rest-api.html +++ b/blogs/tags/rest-api.html @@ -12,13 +12,13 @@ - +

    22 posts tagged with "rest-api"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api/page/2.html b/blogs/tags/rest-api/page/2.html index 0f706f5d4..e422a5b17 100644 --- a/blogs/tags/rest-api/page/2.html +++ b/blogs/tags/rest-api/page/2.html @@ -12,14 +12,14 @@ - +

    22 posts tagged with "rest-api"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    · One min read

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    More details in the announcement post.

    · 2 min read

    podman logo

    Update on Podman v2

    By Brent Baude GitHub

    A few weeks ago, we made an announcement about the development of Podman V2. In the announcement, we mentioned that the state of upstream code would be jumbled for a while and that we would be temporarily disabling many of our CI/CD tests. The upstream development team has been hard at work, and we are starting to see that work pay off.

    Today, we are very excited to announce:

    The local Podman v2 client is complete. It is passing all of its rootful and rootless system and integration tests.

    The CI/CID tests have been re-enabled upstream and are run with each pull request submission. We are now hard at work finishing up some of the core podman-remote functions. Once those functions are complete, we can then begin to run our podman-remote system and integration tests to catch any regressions.

    We have re-enabled the autobuilds for Podman v2 in Fedora rawhide. As mentioned earlier, the Podman remote client is not complete, so that binary is temporarily being removed from the RPM. It will be re-added when the remote client is complete. As a corollary, the Windows and OS/X clients are also not being compiled or tested. This will occur once the remote client for Linux is complete.

    We encourage you to pull the latest upstream Podman code and exercise it with your use cases to help us protect against regressions from Podman v1. We hope to make a full Podman v2.0 release in several weeks, once we are confident it is stable. We look forward to hearing what you think, and please do not hesitate to raise issues and comments on this in our GitHub repository, our Freenode IRC channel #podman, or to the Podman mailing list.

    We’re very excited to bring Podman v2.0 to you as it offers a lot more flexibility through it’s new REST API interface and adds several enhancements to the existing commands. If your project builds on top of Podman, we would especially love to have you test this new version out so we can ensure complete compatibility with Podman v1.0 and address any issues found ASAP.

    Note: This announcement was first released to the Podman mailing list. If you are not yet a member of that community, please join us by sending an email to podman-join@lists.podman.io with the word “subscribe” as the title.

    - + \ No newline at end of file diff --git a/blogs/tags/rest-api/page/3.html b/blogs/tags/rest-api/page/3.html index 0c484ab80..e73bd1652 100644 --- a/blogs/tags/rest-api/page/3.html +++ b/blogs/tags/rest-api/page/3.html @@ -12,7 +12,7 @@ - + @@ -42,7 +42,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/rest.html b/blogs/tags/rest.html index be77fc4e1..a123f4f12 100644 --- a/blogs/tags/rest.html +++ b/blogs/tags/rest.html @@ -12,13 +12,13 @@ - +

    22 posts tagged with "rest"

    View All Tags

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/rest/page/2.html b/blogs/tags/rest/page/2.html index ae939373c..220d70c9d 100644 --- a/blogs/tags/rest/page/2.html +++ b/blogs/tags/rest/page/2.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ the upstream commands may become unstable for a period of time until the final release is completed. More details in the announcement post.

    - + \ No newline at end of file diff --git a/blogs/tags/rest/page/3.html b/blogs/tags/rest/page/3.html index b9953e15f..a8b35ee25 100644 --- a/blogs/tags/rest/page/3.html +++ b/blogs/tags/rest/page/3.html @@ -12,7 +12,7 @@ - + @@ -39,7 +39,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    · 3 min read

    podman logo

    By Brent Baude GitHub

    If you follow the traffic on IRC (#podman on libera.chat) or GitHub from the developers of libpod, you might have seen us referencing a new API. We often referred to it as apiv2 and for about a month, there has been an 'apiv2' branch for libpod on GitHub. This week, we have begun to merge that branch but have yet to “wire it up.”

    First and foremost, the Golang libpod API remains largely unchanged. What is changing is the API we expose for automation and remote usage. Our previous API was based on the varlink protocol. But we heard from users that varlink was a hurdle for libpod adoption especially for those who were using the Docker API and its bindings. They simply could not or did not want to rewrite their custom applications for libpod’s new, varlink-based API.

    - + \ No newline at end of file diff --git a/blogs/tags/restful.html b/blogs/tags/restful.html index ee75dac8c..e8a39bb63 100644 --- a/blogs/tags/restful.html +++ b/blogs/tags/restful.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "restful"

    View All Tags

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    - + \ No newline at end of file diff --git a/blogs/tags/rootless.html b/blogs/tags/rootless.html index f79e48b6a..0a8b3f19a 100644 --- a/blogs/tags/rootless.html +++ b/blogs/tags/rootless.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    10 posts tagged with "rootless"

    View All Tags

    · 10 min read

    podman logo

    Bioinformatics with rootless podman

    By Valentin Rothberg GitHub

    Over the last 10 years I've seen machines and workflows evolve where I work. From the initial dedicated server, to hpc environments and now the latest instance, containers.

    From an admin point of view this is great - The initial servers had to be carefully built and maintained so that everything would work nicely together. Incompatible programs at that time were run through a VM until such time as they could be folded in to the mix.

    The HPC's had versioned software and environment modules and were built to load the relevant dependencies at run time.

    Now we are into a new era, containers - and not just any old containers, but containers that end users can build and run up fairly quickly to perform what-if's, and move on quickly through iterations until they perform the required functions.

    Podman has developed very rapidly and is incredibly easy to use. You can use it in conjunction with quay.io or run it on a local machine.

    I should add that Adrian Reber gave a talk and has also created a Podman article using openhpc; well worth a watch and a read.

    If you don't have a RedHat Developer Subscription now is an ideal time to get one:

    https://developers.redhat.com/articles/getting-red-hat-developer-subscription-what-rhel-users-need-know/

    ..and download RedHat Enterprise 8.1

    · 8 min read

    podman logo

    First Look: Rootless Containers and cgroup v2 on Fedora 31

    By Tom Sweeney GitHub

    I often times stay up too late at night watching late night television and run into these crazy commercials that tell you how easy their product is to use. If you’ve stayed up too, you know them as well. Just put your chicken and veggies in our oven, press 3 buttons and 45 minutes later a perfectly cooked meal! Easy! Got a leak? Slap on this tape and no more leak! Easy! Got a messy floor, just use this sweeper and you’ve the cleanest floor in the neighborhood! Easy!

    Podman runs secure rootless containers and it really is easy! Trust me, I’m not like those other folks! As we’ve had a number of people asking us about what’s needed to set Podman rootless containers up, I decided to run through the process myself and to blog about the steps I took.

    - + \ No newline at end of file diff --git a/blogs/tags/ruby.html b/blogs/tags/ruby.html index d5c84ad75..c2d7e5724 100644 --- a/blogs/tags/ruby.html +++ b/blogs/tags/ruby.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ of developer's productivity? Read about how one company did it for Ruby on Rails application in new article on mkdev.me blog: Dockerless, part 3: Moving development environment to containers with Podman.

    - + \ No newline at end of file diff --git a/blogs/tags/runner.html b/blogs/tags/runner.html index 803afb85c..117de9019 100644 --- a/blogs/tags/runner.html +++ b/blogs/tags/runner.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "Runner"

    View All Tags

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/runtime.html b/blogs/tags/runtime.html index 08d694bfe..661e95641 100644 --- a/blogs/tags/runtime.html +++ b/blogs/tags/runtime.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "runtime"

    View All Tags

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    · One min read

    podman logo

    Running containers with Podman and shareable systemd services

    By Bryan Hepworth GitHub

    Podman version 1.7 is coming out soon and will include new features that will make management of containers with systemd services even easier. Valentin Rothberg has a blog post on the Red Hat Enable Sysadmin site that previews the features: Running containers with Podman and shareable systemd services. In the post Valentin goes over the highlights and then gives a great working example.

    · One min read

    podman logo

    Leasing routable IP addresses with Podman containers

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Leasing routable IP addresses with Podman containers. In the post Brent talks about using the macvlan and the dhcp plugins that ship with the container-networking project in order to lease ip addresses for your containers.

    - + \ No newline at end of file diff --git a/blogs/tags/runtime/page/2.html b/blogs/tags/runtime/page/2.html index 97d125511..900274b50 100644 --- a/blogs/tags/runtime/page/2.html +++ b/blogs/tags/runtime/page/2.html @@ -12,13 +12,13 @@ - +

    13 posts tagged with "runtime"

    View All Tags

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    - + \ No newline at end of file diff --git a/blogs/tags/rust.html b/blogs/tags/rust.html index 3f999de79..7dc7cb5a9 100644 --- a/blogs/tags/rust.html +++ b/blogs/tags/rust.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    One post tagged with "rust"

    View All Tags

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/seccomp.html b/blogs/tags/seccomp.html index f0a1d9ff3..a8c399181 100644 --- a/blogs/tags/seccomp.html +++ b/blogs/tags/seccomp.html @@ -12,13 +12,13 @@ - +

    One post tagged with "seccomp"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/security.html b/blogs/tags/security.html index 338b4f703..6d02e6079 100644 --- a/blogs/tags/security.html +++ b/blogs/tags/security.html @@ -12,13 +12,13 @@ - +

    5 posts tagged with "security"

    View All Tags

    · One min read

    podman logo

    Podman Security Issue

    Today, we're releasing updates to fix CVE-2020-14370, a security issue in Podman. This is a medium-severity information disclosure vulnerability that affects containers created using Podman’s Varlink API or the Docker-compatible version of its REST API. If two or more containers are created using these APIs, and the first container had environment variables added to it when it was created, all subsequent containers created using the Varlink or Docker-compatible REST APIs will also have these environment variables added. This effect does not persist after restarting the Podman API service.

    Podman v2.0.5 and higher contain a fix for the CVE. If you use either of these APIs, please update to Podman v2.0.5 or later. We will also be patching the long-term support v1.6.4 release used in RHEL and CentOS.

    · One min read

    podman logo

    Building freely distributed containers with open tools

    By Tom Sweeney GitHub

    Scott McCarty (@fatherlinux) has an amazing video on YouTube about Building freely distributed containers with open tools. As only Scott could say "Although explaining how to ride a Tron-style light cycle is beyond the scope of this tutorial, we will discuss something almost as exhilarating—building containers with #Podman and #RedHat Universal Base Image (UBI). We will cover how to build and run #containers based on #UBI using just your regular user account—no daemon, no root (rootless), no fuss. Finally, we will order the deresolution of all of our containers with a really cool command. You probably won’t be promoted to CEO of ENCOM after this talk, but you will have new tools in your toolbelt for how to find, run, build, and share container images."

    · One min read

    podman logo

    Basic security principles for containers and container runtimes

    By Brent Baude GitHub

    Brent Baude has another blog post on the Red Hat Enable Sysadmin site this time about Basic security principles for containers and container runtimes. In the post Brent talks about the three core security themes concerning containers and why user privileges matter in the space.

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/signing.html b/blogs/tags/signing.html index 92701ff61..8dc0fa441 100644 --- a/blogs/tags/signing.html +++ b/blogs/tags/signing.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ Signing container images is nothing magical and can drastically enhance security to mitigate man-in-the-middle (MITM) attacks. Read all about it here.

    - + \ No newline at end of file diff --git a/blogs/tags/skopeo.html b/blogs/tags/skopeo.html index e4a5a777f..55c3a3b01 100644 --- a/blogs/tags/skopeo.html +++ b/blogs/tags/skopeo.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to produce an image that supports multiple architectures under a single "name". Working with container image manifest lists post!

    - + \ No newline at end of file diff --git a/blogs/tags/sudo.html b/blogs/tags/sudo.html index 15d325746..5228c5415 100644 --- a/blogs/tags/sudo.html +++ b/blogs/tags/sudo.html @@ -12,13 +12,13 @@ - +

    8 posts tagged with "sudo"

    View All Tags
    - + \ No newline at end of file diff --git a/blogs/tags/syscall.html b/blogs/tags/syscall.html index 7b1906b6f..cfaa3745c 100644 --- a/blogs/tags/syscall.html +++ b/blogs/tags/syscall.html @@ -12,13 +12,13 @@ - +

    One post tagged with "syscall"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/systemd.html b/blogs/tags/systemd.html index 38ff65bfd..473472d39 100644 --- a/blogs/tags/systemd.html +++ b/blogs/tags/systemd.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ In fact, this job can be done by external tools and this blog post describes how we can use the systemd initialization service to work with Podman containers.

    - + \ No newline at end of file diff --git a/blogs/tags/tent.html b/blogs/tags/tent.html index ef8f1e8e1..3c7827bcb 100644 --- a/blogs/tags/tent.html +++ b/blogs/tags/tent.html @@ -12,13 +12,13 @@ - +

    2 posts tagged with "tent"

    View All Tags

    · 5 min read

    podman logo

    Easy Development Dependency Management With Podman and Tent

    By Farhan Hasin Chowdhury GitHub

    Installing and managing development dependencies for various project is a chore and one thing that can improve your everyday workflow is the usage of containers.

    Tent is a CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners.

    · One min read

    Tent is an open-source CLI tool for running development dependencies such as MySQL, Mongo, ElasticSearch etc inside pre-configured containers using simple one-liners. Developed using Go and the official golang bindings, tent is fast, reliable and secure. Checkout Easy Development Dependency Management With Podman and Tent to learn about the project.

    - + \ No newline at end of file diff --git a/blogs/tags/test.html b/blogs/tags/test.html index 7f36f6567..0db006b3a 100644 --- a/blogs/tags/test.html +++ b/blogs/tags/test.html @@ -12,7 +12,7 @@ - + @@ -23,7 +23,7 @@ is so big, most readers would end up on the floor, sound asleep, in a puddle of their own drool.  Instead, I will keep your fidget-spinner twirling, by jumping around several topics.

    - + \ No newline at end of file diff --git a/blogs/tags/tracing.html b/blogs/tags/tracing.html index ff7260a80..c6501810e 100644 --- a/blogs/tags/tracing.html +++ b/blogs/tags/tracing.html @@ -12,13 +12,13 @@ - +

    One post tagged with "tracing"

    View All Tags

    · 11 min read

    podman logo

    Generate SECCOMP Profiles for Containers Using Podman and eBPF

    By Valentin Rothberg GitHub

    Containers run everywhere. They run in the cloud, they run on IoT devices, they run in small and in big companies and wherever they run, we want them to run as securely as possible. In this article, I describe the Google Summer of Code project that Divyansh Kamboj, Dan Walsh and I have been working on and how we improved the state of the art in securing containers, and how you can try it out.

    - + \ No newline at end of file diff --git a/blogs/tags/ubuntu.html b/blogs/tags/ubuntu.html index a5bdb4559..c8c2dba0c 100644 --- a/blogs/tags/ubuntu.html +++ b/blogs/tags/ubuntu.html @@ -12,7 +12,7 @@ - + @@ -29,7 +29,7 @@ have made it easier for new users to test the latest-greatest versions of Podman and allow for using it on distributions that do not yet provide it in their main repositories.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2.html b/blogs/tags/v-2.html index 81acf47b1..73a2d135c 100644 --- a/blogs/tags/v-2.html +++ b/blogs/tags/v-2.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/10.html b/blogs/tags/v-2/page/10.html index e690fcefb..d7b9c5058 100644 --- a/blogs/tags/v-2/page/10.html +++ b/blogs/tags/v-2/page/10.html @@ -12,7 +12,7 @@ - + @@ -43,7 +43,7 @@ advancements that Podman v2.x will give our users. Subsequent blog posts will be written on those advancements and why they matter to our users.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/2.html b/blogs/tags/v-2/page/2.html index 9f9f229e7..401633b2b 100644 --- a/blogs/tags/v-2/page/2.html +++ b/blogs/tags/v-2/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/3.html b/blogs/tags/v-2/page/3.html index d6d948d11..f5fd6a7fb 100644 --- a/blogs/tags/v-2/page/3.html +++ b/blogs/tags/v-2/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/4.html b/blogs/tags/v-2/page/4.html index 7ead9bf5a..608abab62 100644 --- a/blogs/tags/v-2/page/4.html +++ b/blogs/tags/v-2/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/5.html b/blogs/tags/v-2/page/5.html index bdf78c6ca..2a7d6dddb 100644 --- a/blogs/tags/v-2/page/5.html +++ b/blogs/tags/v-2/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/6.html b/blogs/tags/v-2/page/6.html index a5a0a31b4..f946f63d9 100644 --- a/blogs/tags/v-2/page/6.html +++ b/blogs/tags/v-2/page/6.html @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ October 6 at 11:00 a.m. Eastern. It will be a video conference using BlueJeans and all of the details are on this post.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/7.html b/blogs/tags/v-2/page/7.html index 57258a6ff..b43058a87 100644 --- a/blogs/tags/v-2/page/7.html +++ b/blogs/tags/v-2/page/7.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    96 posts tagged with "v2"

    View All Tags

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    The podman play kube command now supports deployments

    By Matthew Heon GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The podman play kube command now supports deployments, you can now learn all about the recent features added to Podman to interact with Kubernetes objects. The podman generate kube command allows you to export your existing containers into Kubernetes Pod YAML. This YAML can then be imported into OpenShift or a Kubernetes cluster. The podman play kube does the opposite, it allows you to take a Kubernetes YAML and run it in Podman. Learn all of the details and more in the blog post!

    · One min read

    podman logo

    Tick-tock. Does your container know what time it is?

    By Tom Sweeney GitHub

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Ashley Cui recently joined our team at Red Hat and just wrote her first ever blog post that is now on the Red Hat Enable Sysadmin site Tick-tock. Does your container know what time it is?. In this timely post, Ashley walks you through setting the timezone within a container using the --tz option. Just prior to this posting, I had answered a very similar question for someone. This is a really good and quick blog, and I'm sure the first of many for Ashley.

    · One min read

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · One min read

    podman logo

    Container video series: Rootless containers, process separation, and OpenSCAP

    By Tom Sweeney GitHub

    Do you want to know more about Rootless containers, process separation, and OpenSCAP? If you're like many, a video is a better learning device than a blog post. Well you're in luck, Brian Smith just landed a blog post on the Red Hat Enable Sysadmin site Container video series: Rootless containers, process separation, and OpenSCAP with a number of blog posts on the subject, many featuring Podman.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/8.html b/blogs/tags/v-2/page/8.html index 37384ad7a..b2a5c1148 100644 --- a/blogs/tags/v-2/page/8.html +++ b/blogs/tags/v-2/page/8.html @@ -12,7 +12,7 @@ - + @@ -28,7 +28,7 @@ using a set of Go based bindings is probably a more direct route to a production ready application. Let’s take a look at how easily that can be accomplished.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    - + \ No newline at end of file diff --git a/blogs/tags/v-2/page/9.html b/blogs/tags/v-2/page/9.html index 018e95511..caf8d91c5 100644 --- a/blogs/tags/v-2/page/9.html +++ b/blogs/tags/v-2/page/9.html @@ -12,13 +12,13 @@ - +

    96 posts tagged with "v2"

    View All Tags

    · 2 min read

    podman logo

    Podman REST API and Docker compatibility

    By Matthew Heon GitHub

    Versioning the REST API

    Podman v2.0.0 launched recently, and with it the REST API. We’ve seen a great deal of excitement with this new API because of what it will enable - enabling applications and automation to use Podman when the could previously only use Docker. As you may know, Podman’s REST API is split into two halves: one providing a Docker-compatible API, and a Libpod API providing support for Podman’s unique features such as pods. We would love for all projects to eventually grow to support for our native Libpod API, but this will take time (and may be impossible for older, no longer maintained projects). As such, we need to talk about the Compatibility API and how it can be used.

    - + \ No newline at end of file diff --git a/blogs/tags/varlink.html b/blogs/tags/varlink.html index ac0d60c3f..f24645547 100644 --- a/blogs/tags/varlink.html +++ b/blogs/tags/varlink.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    6 posts tagged with "varlink"

    View All Tags

    · 2 min read

    podman logo

    Podman API v1.0 and libpod.conf Removal Notice

    By Tom Sweeney GitHub

    On August 1, 2020, the Podman team posted a Podman API v1.0 Deprecation and Removal notice. As noted in that document, the Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. The support for the varlink library was greatly reduced in the spring of 2020. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · 3 min read

    podman logo

    Podman Troubleshooting Guide

    By Tom Sweeney GitHub

    As a kid, I was fascinated by space flight. If I couldn't be a fireman like my father, I wanted to be an astronaut. Of course I had to have a Major Matt Mason figure so I could fly him around the house and then land him softly in a jury-rigged parachute in my wading pool. Then of course the whole Apollo 13 drama had me riveted, and when the movie came out years later, I fell in love with this line in the movie, "Let's work the problem people. Let's not make things worse by guessing." by Ed Harris who played Gene Kranz the "vested" flight director.

    · 3 min read

    podman logo

    Podman API v1.0 Deprecation and Removal Notice

    By Tom Sweeney GitHub

    The Podman API v1.0 relied on the varlink library to handle the underlying client/server calls from the Podman client to the host where the Podman service was running. About one year ago, the Podman team was notified that the focus on the varlink library was being greatly reduced and there would be no further development and little support for it from the varlink library team. This led the Podman team to investigate the use of other client/server technologies and it was decided to develop a RESTful API for Podman using the native Go libraries.

    · 8 min read

    podman logo

    Programmatic remote access to Podman via the varlink protocol

    By Harald Hoyer GitHub

    This guide shows how to access Podman remotely via the varlink interface with CLI tools and programmatically with python, go and rust.

    This should work on Linux, MacOS and Windows 10.

    The compatibility matrix shows which feature is supported on which OS in which language.

    Note: replace <podman-machine> in this guide with the IP or hostname of your Podman machine

    - + \ No newline at end of file diff --git a/blogs/tags/video.html b/blogs/tags/video.html index 10d37b349..4eac46e65 100644 --- a/blogs/tags/video.html +++ b/blogs/tags/video.html @@ -12,13 +12,13 @@ - +

    5 posts tagged with "video"

    View All Tags

    · One min read

    podman logo

    Podman 3 and Docker Compose - How Does the Dockerless Compose Work?

    By Kirill Shirinkin GitHub

    One of the main Podman 3 features is the support of Docker Compose. You can take any of your existing docker-compose.yml and just use it with Podman.

    In this video, Kirill Shirinkin shows how he moved from Docker to Podman in a real docker-composed application.

    Watch now.

    · One min read

    podman logo

    Dockerless: Build and Run Containers with Podman and systemd

    By Kirill Shirinkin GitHub

    In this video, Kirill Shirinkin will show how to use Podman to build container images and run Java applications in containers with systemd.

    We are going to learn why we should at least try alternatives to Docker, how container runtime landscape changed and how Podman is different and in certain ways better than Docker.

    Watch now.

    - + \ No newline at end of file diff --git a/blogs/tags/windows.html b/blogs/tags/windows.html index a64d74861..3c71b7221 100644 --- a/blogs/tags/windows.html +++ b/blogs/tags/windows.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ Checkout the Podman Posts of Interest for the links!

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/2.html b/blogs/tags/windows/page/2.html index c2aeae6ca..5d7f92a42 100644 --- a/blogs/tags/windows/page/2.html +++ b/blogs/tags/windows/page/2.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ on Apple silicon hardware like the M1s.

    · 3 min read

    podman logo

    Podman on Macs Update

    By Brent Baude GitHub

    The Podman team values the local development experience, and we think containers are a crucial part of that. We’ve been brainstorming, discussing, and testing solutions to bring a great Podman experience to Mac and Windows. We are constantly looking for ways to improve it. In particular, the latest release of Podman has support for Intel(as of Podman v3.4) Macs. We have been hearing good feedback for a few weeks now, but up until this point, we haven’t published a lot of documentation.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/3.html b/blogs/tags/windows/page/3.html index c4d5d429c..27bd4b20e 100644 --- a/blogs/tags/windows/page/3.html +++ b/blogs/tags/windows/page/3.html @@ -12,7 +12,7 @@ - + @@ -30,7 +30,7 @@ May the Fourth be with you via Podman post, I delve into running an Ascii movie featureing the first Star Wars Movie inside of a container run by Podman.

    Enjoy and May the Fourth be with you!

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/4.html b/blogs/tags/windows/page/4.html index 97abf04f7..9d1f26ed4 100644 --- a/blogs/tags/windows/page/4.html +++ b/blogs/tags/windows/page/4.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Podman: Managing pods and containers in a local container runtime

    By Brent Baude GitHub

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime. This functionality is now available in the upstream version of Podman if you want to take a sneak peak.

    · One min read

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    · One min read

    podman logo

    Using Podman and Docker Compose

    By Brent Baude GitHub

    One of the questions that the Podman development team has been hearing a lot over the past year or so is "Does Podman support Docker Compose? Up until recently, the answer was "not yet". With the soon to be released Podman v3.0, that answer changes to "NOW!" Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Using Podman and Docker Compose. This functionality is now available in the upstream version of Podman if you want to take a real sneak peak.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/5.html b/blogs/tags/windows/page/5.html index 31981f3b0..264b759e1 100644 --- a/blogs/tags/windows/page/5.html +++ b/blogs/tags/windows/page/5.html @@ -12,7 +12,7 @@ - + @@ -36,7 +36,7 @@ to the posts. Checkout the Podman Posts of Interest for the links!

    · One min read

    podman logo

    Container image short names in Podman

    By Tom Sweeney GitHub

    Do you like you container names to be short, sweet and yet secure? Valentin Rothberg shows you how in a recent blog post on the Red Hat Enable Sysadmin site, Container image short names in Podman. This functionality is now available in the upstream version of Podman and is targeted for Podman v3.0.

    · One min read

    podman logo

    The history of an API: GitLab Runner and Podman

    By Tom Sweeney GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/6.html b/blogs/tags/windows/page/6.html index 74338a024..c2222b455 100644 --- a/blogs/tags/windows/page/6.html +++ b/blogs/tags/windows/page/6.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    65 posts tagged with "windows"

    View All Tags

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, The history of an API: GitLab Runner and Podman, Pablo Greco from the CentOS QA team in Buenos Aires, Argentia documented his journey through a Podman and GitLab Runner integration. When Podman v2.2 arrives, GitLab Runner will be able to run with Podman right out of the box. Give the article a read to see how he got there.

    · One min read

    podman logo

    Exploring Podman RESTful API using Python and Bash

    By Jhon Honce GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Exploring Podman RESTful API using Python and Bash, Jhon Honce nicely demonstrates the new Podman REST API using code examples in Python and shell commands. Additional notes are included in the code comments. The provided code was written to be clear vs. production quality.

    · One min read

    podman logo

    DevConf US 2020 Containers Technologies Talk

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    By Tom Sweeney GitHub

    In case you missed Kedar Kulkarni's excellent talk at DevConf.US 2020, "Docker, Podman, Buildah, Skopeo, and what else?", check out the video on YouTube. There were also a number of other interesting talks at DevConf.US 2020 that you might be interested in, you'll be able to find links to the talks at the DevConf.US site above.

    · One min read

    podman logo

    Podman Posts of Interest

    By Brent Baude GitHub

    · One min read

    I've run across a number of posts over the past few weeks concerning Podman and have been busy getting other work done. So now I have a few moments and thought I'd add some links to the posts. Enjoy!

    · One min read

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Podman remote clients for macOS and Windows

    By Brent Baude GitHub

    In a recent blog post on the Red Hat Enable Sysadmin site, Podman remote clients for macOS and Windows, Brent Baude and Ashley Cui walk you through setting up a remote client on either Windows or macOS to let you manage your containers and images on your Linux backend. The post covers installation, ssh setup, creating the initial connection and finally how to use the client. Give it a quick look!

    · One min read

    podman logo

    Pulling podman images from a container repository

    By Tom Sweeney GitHub

    Tom Sweeney has another blog post on the Red Hat Enable Sysadmin site this time he's writing about Pulling podman images from a container repository. Learn the different varieties of pull that the podman build command can use to speed up or further secure your environment in this post.

    - + \ No newline at end of file diff --git a/blogs/tags/windows/page/7.html b/blogs/tags/windows/page/7.html index 723429ff4..e7aac45ea 100644 --- a/blogs/tags/windows/page/7.html +++ b/blogs/tags/windows/page/7.html @@ -12,13 +12,13 @@ - +

    65 posts tagged with "windows"

    View All Tags

    · One min read

    podman logo

    What happens behind the scenes of a rootless Podman container?

    By Dan Walsh GitHub

    Dan Walsh along with Matt Heon have a blog post on the Red Hat Enable Sysadmin site, What happens behind the scenes of a rootless Podman container?. If you ever wanted to know what happens under the covers of a rootless container, this is the article for you!

    - + \ No newline at end of file diff --git a/community.html b/community.html index 6086cd20b..945175ef9 100644 --- a/community.html +++ b/community.html @@ -12,13 +12,13 @@ - +
    -

    Community

    Podman Logo

    Chat with the Podman community

    The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

    Current Time

    21:59

    Central European Standard Time

    15:59

    Eastern Standard Time

    Podman Community Meetings

    An image of podman team members in a virtual meeting

    Older meeting details

    Older meeting details

    Mailing List

    Browse the mailing list

    Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

    Subscribe or post to the mailing list

    A screenshot of the Podman mailing list home screen.

    Submitting Issues & Pull Requests

    Submitting Issues

    Don't include private / sensitive info in issues!

    • Feel free to add your scenario, or additional information, to the discussion.
    • Subscribe to the issue to be notified when it is updated.
    • Include as much detail as possible
    • Try to remove any extra stuff that doesn't really relate to the issue itself

    Submitting Pull Requets

    While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

    PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

    • Well-documented code changes.
    • Additional testcases. Ideally m they should fail w/o your code change applied.
    • Documentation changes.
    More PR Submission Details

    Special thanks to our contributors

    The Podman community has contributors from many different organizations, including:

    Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
    - +

    Community

    Podman Logo

    Chat with the Podman community

    The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

    Current Time

    24:48

    Central European Standard Time

    18:48

    Eastern Standard Time

    Podman Community Meetings

    An image of podman team members in a virtual meeting

    Older meeting details

    Older meeting details

    Mailing List

    Browse the mailing list

    Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

    Subscribe or post to the mailing list

    A screenshot of the Podman mailing list home screen.

    Submitting Issues & Pull Requests

    Submitting Issues

    Don't include private / sensitive info in issues!

    • Feel free to add your scenario, or additional information, to the discussion.
    • Subscribe to the issue to be notified when it is updated.
    • Include as much detail as possible
    • Try to remove any extra stuff that doesn't really relate to the issue itself

    Submitting Pull Requets

    While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

    PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

    • Well-documented code changes.
    • Additional testcases. Ideally m they should fail w/o your code change applied.
    • Documentation changes.
    More PR Submission Details

    Special thanks to our contributors

    The Podman community has contributors from many different organizations, including:

    Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
    + \ No newline at end of file diff --git a/docs.html b/docs.html index c22ce1386..bbb1b91c5 100644 --- a/docs.html +++ b/docs.html @@ -12,7 +12,7 @@ - + @@ -52,7 +52,7 @@ here.

    More information

    For more information on Podman and its subcommands, checkout the asciiart demos on the README.md page.

    - + \ No newline at end of file diff --git a/docs/checkpoint.html b/docs/checkpoint.html index fe2214600..2c1fc4720 100644 --- a/docs/checkpoint.html +++ b/docs/checkpoint.html @@ -12,7 +12,7 @@ - + @@ -32,7 +32,7 @@ transferring the checkpoint, it is possible to specify an output-file.

    On the source system:

    $ sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz
    $ scp /tmp/checkpoint.tar.gz <destination_system>:/tmp

    On the destination system:

    $ sudo podman container restore -i /tmp/checkpoint.tar.gz

    After being restored, the container will answer requests again as it did before checkpointing. This time the container will continue to run on the destination system.

    $ curl http://<IP_address>:8080
    - + \ No newline at end of file diff --git a/docs/documentation.html b/docs/documentation.html index b06f782d9..030cc409c 100644 --- a/docs/documentation.html +++ b/docs/documentation.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/docs/installation.html b/docs/installation.html index dfce90445..5ac1f67f4 100644 --- a/docs/installation.html +++ b/docs/installation.html @@ -12,7 +12,7 @@ - + @@ -34,30 +34,12 @@ communicates with the podman service running in the WSL environment. Alternatively, you can access Podman directly from the WSL instance if you prefer a Linux prompt and Linux tooling.

    See the Podman for Windows guide for setup and usage instructions.

    Installing on Linux

    Linux Distributions

    Arch Linux & Manjaro Linux

    sudo pacman -S podman

    If you have problems when running Podman in rootless mode follow the instructions here

    For more information on Podman on ArchLinux click here

    Alpine Linux

    sudo apk add podman

    For further details, please refer to the instructions on the Alpine Linux wiki.

    CentOS

    Podman is available in the default Extras repos for CentOS 7 and in -the AppStream repo for CentOS 8 and Stream.

    sudo yum -y install podman

    Debian

    The podman package is available in the Debian 11 (Bullseye) repositories and later.

    sudo apt-get -y install podman

    If you would prefer newer (though not as well-tested) packages including RC -versions, the Kubic project -provides packages for Debian Testing and Unstable. -Checkout the Kubic project page -for a list of supported Debian versions and -architecture combinations. NOTE: The command sudo apt-get -y upgrade -may be required in some cases if Podman cannot be installed without it. -The Kubic packages are built using Fedora's packaging -sources.

    CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we also highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo -OR the official Debian repos. Mixing and matching may lead to unpredictable situations including installation conflicts.

    sudo mkdir -p /etc/apt/keyrings

    # Debian Testing/Bookworm
    curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/Release.key \
      | gpg --dearmor \
      | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
    echo \
      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
        https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Testing/ /" \
      | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null

    # Debian Unstable/Sid
    curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/Release.key \
      | gpg --dearmor \
      | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
    echo \
      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
        https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/Debian_Unstable/ /" \
      | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null

    # Install Podman
    sudo apt-get update
    sudo apt-get -y upgrade
    sudo apt-get -y install podman

    Fedora

    sudo dnf -y install podman

    Fedora CoreOS, Fedora Silverblue

    Built-in, no need to install

    Gentoo

    sudo emerge app-containers/podman

    OpenEmbedded

    Bitbake recipes for Podman and its dependencies are available in the +the AppStream repo for CentOS 8 and Stream.

    sudo yum -y install podman

    Debian

    The podman package is available in the Debian 11 (Bullseye) repositories and later.

    sudo apt-get -y install podman

    Fedora

    sudo dnf -y install podman

    Fedora CoreOS, Fedora Silverblue

    Built-in, no need to install

    Gentoo

    sudo emerge app-containers/podman

    OpenEmbedded

    Bitbake recipes for Podman and its dependencies are available in the meta-virtualization layer. Add the layer to your OpenEmbedded build environment and build Podman using:

    bitbake podman

    openSUSE

    sudo zypper install podman

    openSUSE Kubic

    Built-in, no need to install

    Raspberry Pi OS arm64 (beta)

    Raspberry Pi OS use the standard Debian repositories, so it is fully compatible with Debian's arm64 repository. You can simply follow the steps for Debian to install Podman.

    RHEL7

    Subscribe, then enable Extras channel and install Podman.

    sudo subscription-manager repos --enable=rhel-7-server-extras-rpms
    sudo yum -y install podman

    RHEL8

    Podman is included in the container-tools module, along with Buildah and Skopeo.

    sudo yum module enable -y container-tools:rhel8
    sudo yum module install -y container-tools:rhel8

    The container-tools:rhel8 is the fast application stream, containing most recent rolling versions of the tools. Use the container-tools:2.0 stream for stable versions of Podman 1.6. The command yum module list container-tools shows the available streams.

    Ubuntu

    The podman package is available in the official repositories for Ubuntu 20.10 -and newer.

    # Ubuntu 20.10 and newer
    sudo apt-get update
    sudo apt-get -y install podman

    If you would prefer newer (though not as well-tested) packages including RC -versions, the Kubic project -provides packages for the latest Ubuntu versions. -Checkout the Kubic project page -for a list of supported Ubuntu versions and -architecture combinations. NOTE: The command sudo apt-get -y upgrade -maybe required in some cases if Podman cannot be installed without it. -The Kubic packages are built using Fedora's packaging -sources.

    CAUTION: The Kubic repo is NOT recommended for production use. Furthermore, we highly recommend you use Buildah, Podman, and Skopeo ONLY from EITHER the Kubic repo -OR the official Ubuntu repos. Mixing and matching may lead to unpredictable situations including installation conflicts.

    sudo mkdir -p /etc/apt/keyrings
    curl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key" \
      | gpg --dearmor \
      | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
    echo \
      "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
        https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \
      | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null
    sudo apt-get update -qq
    sudo apt-get -qq -y install podman

    Linux Mint

    Follow the steps for Ubuntu (or Debian if you use LMDE).

    Replace $(lsb_release -rs) with $(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2) for Ubuntu steps.

    Installing development versions of Podman

    Fedora

    You can test the very latest Podman in Fedora's updates-testing +and newer.

    # Ubuntu 20.10 and newer
    sudo apt-get update
    sudo apt-get -y install podman

    Linux Mint

    Follow the steps for Ubuntu (or Debian if you use LMDE).

    Replace $(lsb_release -rs) with $(grep DISTRIB_RELEASE= /etc/upstream-release/lsb-release | cut -d "=" -f 2) for Ubuntu steps.

    Installing development versions of Podman

    Fedora

    You can test the very latest Podman in Fedora's updates-testing repository before it goes out to all Fedora users.

    sudo dnf update --refresh --enablerepo=updates-testing podman

    If you use a newer Podman package from Fedora's updates-testing, we would appreciate your +1 feedback in Bodhi, Fedora's update management system.

    Installing bleeding-edge versions of Podman

    If you like danger and are interested in testing the latest @@ -82,7 +64,7 @@ also available to automate the installation of the above statically linked binary on its supported OS:

    sudo su -
    mkdir -p ~/.ansible/roles
    cd ~/.ansible/roles
    git clone https://github.com/alvistack/ansible-role-podman.git podman
    cd ~/.ansible/roles/podman
    pip3 install --upgrade --ignore-installed --requirement requirements.txt
    molecule converge
    molecule verify

    Configuration files

    registries.conf

    Man Page: registries.conf.5

    /etc/containers/registries.conf

    registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.

    Example from the Fedora containers-common package

    $ cat /etc/containers/registries.conf
    # For more information on this configuration file, see containers-registries.conf(5).
    #
    # NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
    # We recommend always using fully qualified image names including the registry
    # server (full dns name), namespace, image name, and tag
    # (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
    # quay.io/repository/name@digest) further eliminates the ambiguity of tags.
    # When using short names, there is always an inherent risk that the image being
    # pulled could be spoofed. For example, a user wants to pull an image named
    # `foobar` from a registry and expects it to come from myregistry.com. If
    # myregistry.com is not first in the search list, an attacker could place a
    # different `foobar` image at a registry earlier in the search list. The user
    # would accidentally pull and run the attacker's image and code rather than the
    # intended content. We recommend only adding registries which are completely
    # trusted (i.e., registries which don't allow unknown or anonymous users to
    # create accounts with arbitrary names). This will prevent an image from being
    # spoofed, squatted or otherwise made insecure.  If it is necessary to use one
    # of these registries, it should be added at the end of the list.
    #
    # # An array of host[:port] registries to try when pulling an unqualified image, in order.
    unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]
    #
    # [[registry]]
    # # The "prefix" field is used to choose the relevant [[registry]] TOML table;
    # # (only) the TOML table with the longest match for the input image name
    # # (taking into account namespace/repo/tag/digest separators) is used.
    # #
    # # If the prefix field is missing, it defaults to be the same as the "location" field.
    # prefix = "example.com/foo"
    #
    # # If true, unencrypted HTTP as well as TLS connections with untrusted
    # # certificates are allowed.
    # insecure = false
    #
    # # If true, pulling images with matching names is forbidden.
    # blocked = false
    #
    # # The physical location of the "prefix"-rooted namespace.
    # #
    # # By default, this equal to "prefix" (in which case "prefix" can be omitted
    # # and the [[registry]] TOML table can only specify "location").
    # #
    # # Example: Given
    # #   prefix = "example.com/foo"
    # #   location = "internal-registry-for-example.net/bar"
    # # requests for the image example.com/foo/myimage:latest will actually work with the
    # # internal-registry-for-example.net/bar/myimage:latest image.
    # location = "internal-registry-for-example.com/bar"
    #
    # # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
    # #
    # # The mirrors are attempted in the specified order; the first one that can be
    # # contacted and contains the image will be used (and if none of the mirrors contains the image,
    # # the primary location specified by the "registry.location" field, or using the unmodified
    # # user-specified reference, is tried last).
    # #
    # # Each TOML table in the "mirror" array can contain the following fields, with the same semantics
    # # as if specified in the [[registry]] TOML table directly:
    # # - location
    # # - insecure
    # [[registry.mirror]]
    # location = "example-mirror-0.local/mirror-for-foo"
    # [[registry.mirror]]
    # location = "example-mirror-1.local/mirrors/foo"
    # insecure = true
    # # Given the above, a pull of example.com/foo/image:latest will try:
    # # 1. example-mirror-0.local/mirror-for-foo/image:latest
    # # 2. example-mirror-1.local/mirrors/foo/image:latest
    # # 3. internal-registry-for-example.net/bar/image:latest
    # # in order, and use the first one that exists.
    #
    # short-name-mode="enforcing"

    [[registry]]
    location="localhost:5000"
    insecure=true

    mounts.conf

    /usr/share/containers/mounts.conf and optionally /etc/containers/mounts.conf

    The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the podman run or podman build commands. Container process can then use this content. The volume mount content does not get committed to the final image.

    Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories.

    For example, a mounts.conf with the line "/usr/share/rhel/secrets:/run/secrets", the content of /usr/share/rhel/secrets directory is mounted on /run/secrets inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container.

    Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.

    Example from the Fedora containers-common package:

    cat /usr/share/containers/mounts.conf
    /usr/share/rhel/secrets:/run/secrets

    seccomp.json

    /usr/share/containers/seccomp.json

    seccomp.json contains the whitelist of seccomp rules to be allowed inside of containers. This file is usually provided by the containers-common package.

    The link above takes you to the seccomp.json

    policy.json

    /etc/containers/policy.json

    Man Page: policy.json.5

    Example from the Fedora containers-common package:

    cat /etc/containers/policy.json
    {
        "default": [
            {
                "type": "insecureAcceptAnything"
            }
        ],
        "transports":
            {
                "docker-daemon":
                    {
                        "": [{"type":"insecureAcceptAnything"}]
                    }
            }
    }
    - + \ No newline at end of file diff --git a/features.html b/features.html index afa732db3..3e450c671 100644 --- a/features.html +++ b/features.html @@ -12,13 +12,13 @@ - +

    Podman Features

    Podman Logo

    Getting to know Podman

    Quick dive into Podman

    A seal diving into the water

    Join Podman's Community

    A group of seals swimming.

    Need some help?

    A confused seal.

    Podman Desktop

    Podman Desktop is Podman's graphical application that makes it easy to install and work with Podman (and other container engines) on Windows, MacOS, and Linux.

    Manage containers (not just Podman.)

    Podman Desktop allows you to list, view, and manage containers from multiple supported container engines* in a single unified view.

    Gain easy access to a shell inside the container, logs, and basic controls.

    * Supported engines and orchestrators include Podman, Docker, Lima, kind, Red Hat OpenShift, Red Hat OpenShift Developer Sandbox.

    Build, pull, and push images.

    Build containers from a Dockerfile / Containerfile, or pull images from remote repositories to run.

    Manage accounts for and push your images to multiple container registries.

    Podify containers into pods.

    Create pods by selecting containers to run together. View unified logs for your pods and inspect the containers inside each.

    Play Kubernetes YAML locally, without Kubernetes, and generate Kubernetes YAML from Pods.

    Deploy to Kubernetes.

    Deploy pods from Podman Desktop to local or remote Kubernetes contexts using automatically-generated YAML config.

    Podman Command-Line

    Podman's command-line interface allows you to find, run, build, and share containers.

    Find and pull down containers no matter where they are.

    • podman search
    • podman pull

    Find and pull down containers whether they are on dockerhub.io or quay.io, an internal registry server, or direct from a vendor.

    example of podman commands

    Want to learn more?

    Recent Podman Blog Posts

    Check out more posts about Podman on our Blog!

    Basic Resources

    Have fun coloring and learn about Podman!

    A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

    Download
    A collection of pages from the Podman coloring book.
    - + \ No newline at end of file diff --git a/get-started.html b/get-started.html index 79d5d4af4..028dfac0b 100644 --- a/get-started.html +++ b/get-started.html @@ -12,13 +12,13 @@ - +

    Get Started with Podman

    First Things First: Installing Podman

    For installing or building Podman, please see the installation instructions:

    Basic Resources

    Getting Help

    Help & manpages

    For more details, you can review the manpages:

    $ man podman 
    $ man podman subcommand

    To get some help and find out how Podman is working, you can use the help.

    $ podman --help # get a list of all commands 
    $ podman subcommand --help # get info on a command

    Please also reference the Podman Troubleshooting Guide to find known issues and tips on how to solve common configuration mistakes.

    Searching, pulling, and listing images

    $ podman search httpd 
      INDEX       NAME                                  DESCRIPTION                    STARS OFFICIAL AUTOMATED
      docker.io   docker.io/library/httpd               The Apache HTTP Server Project  3762             [OK]
      docker.io   docker.io/centos/httpd-24-centos7     Platform for running Apache h... 40
      quay.io     quay.io/centos7/httpd-24-centos-7     Platform for running Apache h... 0               [OK]
      docker.io   docker.io/centos/httpd                                                 34              [OK]
      redhat.com  registry.access.redhat.com/ubi8/httpd                                  0
      quay.io     quay.io/redhattraining/httpd-parent                                    0               [OK]
      


    $ podman search httpd --filter=is-official
      INDEX       NAME                                  DESCRIPTION                    STARS OFFICIAL AUTOMATED
      docker.io   docker.io/library/httpd               The Apache HTTP Server Project  3762    [OK]
      $ podman pull docker.io/library/httpd
      Trying to pull docker.io/library/httpd:latest...
      Getting image source signatures
      Copying blob ab86dc02235d done  
      Copying blob ba1caf8ba86c done  
      Copying blob eff15d958d66 done  
      Copying blob 635a49ba2501 done  
      Copying blob 600feb748d3c done  
      Copying config d294bb32c2 done  
      Writing manifest to image destination
      Storing signatures
      d294bb32c2073ecb5fb27e7802a1e5bec334af69cac361c27e6cb8546fdd14e7



    $ podman images
      REPOSITORY               TAG         IMAGE ID      CREATED       SIZE
      docker.io/library/httpd  latest      d294bb32c207  12 hours ago  148 MB

    Running a container & listing running containers

    This sample container will run a very basic httpd server that serves only its index page.

    Running a container

    $ podman run -dt -p 8080:80/tcp docker.io/library/httpd
    Note:

    Because the container is being run in detached mode, represented by the -d in the podman run command, Podman will run the container in the background and print the container ID after it has executed the command. The -t also adds a pseudo-tty to run arbitrary commands in an interactive shell.

    Also, we use port forwarding to be able to access the HTTP server. For successful running at least slirp4netns v0.3.0 is needed.

    Listing running containers

    The podman ps command is used to list created and running containers.

    $ podman ps
    CONTAINER ID  IMAGE                           COMMAND           CREATED       STATUS      PORTS                 NAMES
    01c44968199f  docker.io/library/httpd:latest  httpd-foreground  1 minute ago  Up 1 minute 0.0.0.0:8080->80/tcp  laughing_bob
    Note:

    If you add -a to the podman ps command, Podman will show all containers (created, exited, running, etc.).

    Testing the httpd container

    As you are able to see, the container does not have an IP Address assigned. The container is reachable via its published port on your local machine.

    $ curl http://localhost:8080

    From another machine, you need to use the IP Address of the host, running the container.

    $ curl http://<IP_Address>:8080
    Note:

    Instead of using curl, you can also point a browser to http://localhost:8080.

    - + \ No newline at end of file diff --git a/getting-started/installation.html b/getting-started/installation.html index 81f48d6b8..5ae37637b 100644 --- a/getting-started/installation.html +++ b/getting-started/installation.html @@ -12,13 +12,13 @@ - +
    - + \ No newline at end of file diff --git a/index.html b/index.html index e7db76b21..c7b9b32f4 100644 --- a/index.html +++ b/index.html @@ -12,13 +12,13 @@ - +

    The best free & open source container tools

    Manage containers, pods, and images with Podman. Seamlessly work with containers and Kubernetes from your local environment.

    Get Started

    Latest stable Podman 4.8.3-Latest stable Podman Desktop 1.7.0-Apache License 2.0

    Supported Platforms

    • Fast and light.

    • Secure.

    • Open.

    • Compatible.

    Kubernetes Logo

    Kubernetes Ready

    A growing set of compatible tools

    Visual Studio code includes Podman support

    VS Code Logo

    Cirrus CLI allows you to reproducibly run containerized tasks with Podman

    Cirrus Logo

    GitHub Actions include support for Podman, as well as friends buildah and skopeo

    Github Logo

    Kind's ability to run local Kubernetes clusters via container nodes includes support for Podman

    Kind Logo

    What people are saying about Podman

    Ananth Iyer

    @mrananthiyer
    user avatar

    I am using @Podman_io for Magento 2 and it is super fast than other container tools. You must try it. #Podman #Magento #magento2

    Jul 20, 2023

    Latest Podman News

    Have fun coloring and learn about Podman!

    A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

    Download
    A collection of pages from the Podman coloring book.
    - + \ No newline at end of file diff --git a/release.html b/release.html index 7aa8119e8..21f6038c3 100644 --- a/release.html +++ b/release.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/2018/06/04/podman-alpha-v0.6.1.html b/release/2018/06/04/podman-alpha-v0.6.1.html index 8f0193d8b..d0fc5ce3b 100644 --- a/release/2018/06/04/podman-alpha-v0.6.1.html +++ b/release/2018/06/04/podman-alpha-v0.6.1.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman Alpha version 0.6.1 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    Improvements to podman Remote API

    * Example usage for the Podman python API
    * Correct issue with varlink container inspect where not all information was being parsed
    * varlink build added to the varlink API
    * Python API now can attach to a container

    Improvements to podman build

    * OnBuild support for podman build

    General Improvements

    * Correctly drop security capabilities when running containers with — user
    * Fix edge case of pulling images with shortnames and no registries defined
    * Lots of changes with the hooks command
    * Make some run options exclusive when using an existing container network namespace
    * Podman ps and images now sorts containers and images by their created time.
    - + \ No newline at end of file diff --git a/release/2018/07/02/podman-alpha-v0.6.4.html b/release/2018/07/02/podman-alpha-v0.6.4.html index 075761d00..9e3c0ace2 100644 --- a/release/2018/07/02/podman-alpha-v0.6.4.html +++ b/release/2018/07/02/podman-alpha-v0.6.4.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.6.4 Release Announcement

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    podman container cleanup was added to cleanup mountpoint, cgroups and network configuration when containers exit. When a container is run in background mode (-d), the podman command exits, but conmon continues to run and monitor the container, when the container exits, conmon executes podman container cleanup to cleanup the container.

    There were a number of bug fixes and a lot of vendoring new code — Golang speak for updating the code we depend on from other projects. Interesting things are in store for podman in the upcoming weeks. Stay tuned!

    I missed writing this blog the last couple of weeks, and wanted to point out a huge new feature from the buildah project. podman build now supports layering. As you may know podman build by default only adds one layer when processing a Dockerfile. This is different the docker build. Docker defaults to layering each line in the Dockerfile, which makes the creation of an application easier, since docker build jumps to the first line changed in the Dockerfile since the previous build. Podman build on the other hand starts at the beginning, which works better in using a Dockerfile in a build system. With the introducion of the — layers flag, you can now get the same behaviour in podman build that you have in docker build, incremental changes to the Dockerfile will start the build at the change point rather then in the beginning. There is even a environment variable BUILDAH_LAYERS which can be set to default to the layers method.

    Notable features include:

    * Continued work on podman remote client. A mock up of a podman remote client went into the contrib/ section of our repository. This is not ready for anyone but Jhon Honce as the primary contributor to the python library code.
    * Continued work on running podman without requiring you to be root. Giuseppe Scrivano made a bunch of commits related to rootless containers.
    * added podman-image and podman-container man page links
    * fixed a fatal error where when a container disappeared during podman ps.
    * added an authfile option to podman search to deal with private registries.
    * fixed a bug related to container startup and attached mode.
    * building podman with varlink support is now optionional.
    - + \ No newline at end of file diff --git a/release/2018/07/09/podman-alpha-v0.7.1.html b/release/2018/07/09/podman-alpha-v0.7.1.html index b9a40e626..7bfc1a227 100644 --- a/release/2018/07/09/podman-alpha-v0.7.1.html +++ b/release/2018/07/09/podman-alpha-v0.7.1.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.7.1 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    Speaking of platform changes, one thing I have been working on the last few weeks is to cross-compile for Darwin from Linux. This was really our first need to deal with other platforms and was rather invasive at times. It took several merges over the last few weeks to complete but we have are able to build a Darwin binary. I must emphasize build because the binary is known to not run — as there is a lengthy list of things that would need to be fixed or implemented first. Nevertheless, my goal here was to implement a CI test that would always perform the build so we can protect against subsequent regressions for Darwin should someone decide to work on that platform.

    Other significant changes include:

    * several changes to the makefile to make it more efficient
    * fix parsing of short options by vendoring in a new urfave/cli
    * tutorial fixes
    * revert back to a shared cgroup for conmon processes
    * remove buildah requirement for the libpod image library
    * block use of /proc/acpi from inside containers
    * factor pkg/ctime into a separate package
    - + \ No newline at end of file diff --git a/release/2018/07/16/podman-alpha-v0.7.2.html b/release/2018/07/16/podman-alpha-v0.7.2.html index 500763e61..c79f05b19 100644 --- a/release/2018/07/16/podman-alpha-v0.7.2.html +++ b/release/2018/07/16/podman-alpha-v0.7.2.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.7.2 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    We have heard from users that they wish to be able to create containers with multiple networks. This can now be done with a combination of CNI configurations and podman. The easiest approach is to take the default podman configuration file /etc/cni/net.d/87-podman-bridge.conflist and duplicate it. Within the file, change the:

    * network name
    * bridge device (cni0 -> cni1)
    * subnet

    Then run podman like:

    $ podman run -it --network=podman,podman2 fedora:28 /bin/bash

    Jhon Honce and I have also been working on a remote client for podman, called pypodman. It is written in Python and allows users to have a podman-like front-end that accesses an actual podman backend on another node. It relies heavily on ssh and we recommend the use of ssh keys to simplify things.

    Our vision is this could eventually become useful for those using Macs or Windows as a development environment. Look for more official blogs and write-ups specifically on this.

    This is also the release where we start introducing pod concepts. We now have minimal support for pods. Try podman pod — help for further information.

    Other significant features include but are not limited to:

    * More unit tests for the varlink python client
    * Correction behavior for podman stats
    * Add — volumes-from to podman run and create
    * Fix a small regression in our opt handling
    * Add a default AppArmor profile
    * Fix path for rootless containers
    * Varlink API fixes in how we start start and attach to containers
    * Podman ps now reports containers as ‘dead’ instead of ‘unknown’
    * Correct behavior in podman rmi on how to handle parent image deletions
    * Logged output now goes to syslog as well as STDERR
    * When pulling an image by SHA1, we now set the name and tag correctly.
    * Better recording of exit codes for container exits
    - + \ No newline at end of file diff --git a/release/2018/08/08/podman-alpha-v0.8.1.html b/release/2018/08/08/podman-alpha-v0.8.1.html index 46073f5e1..4e7b86aab 100644 --- a/release/2018/08/08/podman-alpha-v0.8.1.html +++ b/release/2018/08/08/podman-alpha-v0.8.1.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.8.1 Release Announcement

    · One min read

    podman logo

    Podman release 0.8.1

    Our latest podman release turned out to be a lot of internal plumbing. We had more than 50 commits but most were tweaks that most users would not notice. So I don’t have a singular, hot feature to point you at.

    That said, if you haven’t tried the python client to for podman, I recommend you do. It allows you to interact with a remote podman instance via SSH.

    Other notable benefits of this release are:

    * Fixes to rootless containers including network support using slirp4netns written by Akihiro Suda
    * Adjustments to how images are pulled and their metadata
    * podman build now supports different isolation mechanims, to better run within a confined container.
    * Changes to our integration tests to speed them up
    * podman load now supports xz compression
    * Tidy up man pages
    - + \ No newline at end of file diff --git a/release/2018/08/20/podman-alpha-v0.8.3.html b/release/2018/08/20/podman-alpha-v0.8.3.html index 866e59e98..86c781fec 100644 --- a/release/2018/08/20/podman-alpha-v0.8.3.html +++ b/release/2018/08/20/podman-alpha-v0.8.3.html @@ -12,13 +12,13 @@ - +

    Podman Alpha version 0.8.3 Release Announcement

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    Some of the more obvious changes in this release are:

    * Updated documentation to mention that systemd is now the default cgroup manager.
    * The create|run switch of — uts-host now works correctly.
    * Add pod stats as a sub-command. Similar to podman stats, it allows you to see statistics about running pods and their containers.
    * Varlink API endpoints for many of the pod subcommands were added.
    * Support format for the varlink API endpoint Commit (OCI or docker)
    * Fix handling of the container’s hostname when using — host=net
    * When searching multiple registries, do not make an error from one registry be fatal.
    * Create and Pull commands were added to the python client.

    Our IRC channel has not moved. Much of the development team can be found on Freenode in #podman. Come by and introduce yourself!

    - + \ No newline at end of file diff --git a/release/2018/12/12/podman-alpha-v0.12.1.1.html b/release/2018/12/12/podman-alpha-v0.12.1.1.html index aefa7d641..bdc7cbf4c 100644 --- a/release/2018/12/12/podman-alpha-v0.12.1.1.html +++ b/release/2018/12/12/podman-alpha-v0.12.1.1.html @@ -12,13 +12,13 @@ - +

    Podman v0.12.1.1 Released

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    Changes

    This release comes with many exciting new features. To highlight a few of our biggest changes:

    • The podman generate kube command was added by Brent Baude, which generates Kubernetes pod and service YAML from Podman containers and pods.
    • Initial support for named volumes using the podman volume set of commands was landed by Urvashi Mohnani
    • The podman rm and podman rmi commands can now prune unused containers and images with the --prune flag
    • Ports can now be published to the host from pods

    Numerous bugs were fixed as well, including a breaking change in rootless Podman found in 0.11.x releases.

    To see the full changelog, please visit our release notes on GitHub

    Some of this work, like the podman volume command, is still very early. We'd greatly appreciate feedback! If you have an enhancement request or a bug report, please file them on our issue page.

    - + \ No newline at end of file diff --git a/release/2019/01/16/podman-release-v1.0.0.html b/release/2019/01/16/podman-release-v1.0.0.html index d6ea90522..2948d0461 100644 --- a/release/2019/01/16/podman-release-v1.0.0.html +++ b/release/2019/01/16/podman-release-v1.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.0.0 Released

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    Podman made its first public release, v0.2, a little less than a year ago. We've come a long way since then, adding new features like:

    • Rootless containers
    • Support for pods
    • Interacting with Kubernetes pod YAML
    • A Varlink API for interacting with Podman on remote machines

    We've kept our eyes firmly on stability, fixing over 150 bugs. We’ve also worked on performance, making sure all common operations are optimized. While it is an iterative process, we are pleased with where we stand today. With that, we're excited to announce that Podman is ready for prime time, and it is ready for you.

    A key focus of Podman is around security. In addition to support for rootless containers, we’ve added many other security features. Great support for User Namespaces has resulted in better container separation. The podman top command will tell you what security features are enabled for processes within containers. Podman’s daemonless fork/exec model preserves audit information on containers.

    This is just the beginning, and we have plans for much more. For example, numerous improvements are planned for rootless Podman, pod support, the Varlink API, and automatic user namespace separation. If you find a feature missing from Podman, feel free to open an enhancement request on our Github. We love your feedback, and many of our best ideas come from users and contributors.

    Finally, the Podman team would like to thank all our contributors. Everyone who submitted code, improved documentation, or reported bugs has been a great help.

    Changes

    A few of the biggest changes from Podman 1.0.0 include:

    • Added the podman play kube command, which creates Podman pods based on Kubernetes pod YAML.
    • The podman run and podman create commands now support the --init flag, to run a minimal init process in the container.
    • Added the podman image sign command to sign container images.
    • Image pulls are now parallelized for increased speed

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/02/26/podman-release-v1.1.0.html b/release/2019/02/26/podman-release-v1.1.0.html index 8dd05fb3f..be71c5d03 100644 --- a/release/2019/02/26/podman-release-v1.1.0.html +++ b/release/2019/02/26/podman-release-v1.1.0.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/03/01/podman-release-v1.1.1.html b/release/2019/03/01/podman-release-v1.1.1.html index c3384982f..2c5c4d412 100644 --- a/release/2019/03/01/podman-release-v1.1.1.html +++ b/release/2019/03/01/podman-release-v1.1.1.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman v1.1.1 Released

    · 3 min read

    podman logo

    Podman has gone 1.1.1!

    After releasing Podman v1.1.0 a number of miscellaneous changes and several bug fixes focusing on command line options and parsing were added.
    All the details follow!

    Changes

    Bugfixes

    • Fixed a bug where podman container restore was erroneously available as podman restore #2191
    • Fixed a bug where the volume_path option in libpod.conf was not being respected
    • Fixed a bug where Podman failed to build when the varlink tag was not present #2459
    • Fixed a bug where the podman image load command was listed twice in help text
    • Fixed a bug where the podman image sign command was also listed as podman sign
    • Fixed a bug where the podman image list command incorrectly had an image alias
    • Fixed a bug where the podman images command incorrectly had ls and list aliases
    • Fixed a bug where the podman image rm command was being displayed as podman image rmi
    • Fixed a bug where the podman create command would attempt to parse arguments meant for the container
    • Fixed a bug where the combination of FIPS mode and user namespaces resulted in permissions errors
    • Fixed a bug where the --time alias for --timeout for the podman restart and podman stop commands did not function
    • Fixed a bug where the default stop timeout for newly-created containers was being set to 0 seconds (resulting in an immediate SIGKILL on running podman stop)
    • Fixed a bug where the output format of podman port was incorrect, printing full container ID instead of truncated ID
    • Fixed a bug where the podman container list command did not exist
    • Fixed a bug where podman build could not build a container from images tagged locally that did not exist in a registry #2469
    • Fixed a bug where some Podman commands that accept no arguments would not error when provided arguments
    • Fixed a bug where podman play kube could not handle cases where a pod and a container shared a name

    Misc

    • Usage text for many commands was greatly improved
    • Major cleanups were made to Podman manpages, ensuring that command lists are accurate
    • Greatly improved debugging output when the newuidmap and newgidmap binaries fail when using rootless Podman
    • The -s alias for the global --storage-driver option has been removed
    • The podman container refresh command has been deprecated, as its intended use case is no longer relevant. The command has been hidden and manpages deleted. It will be removed in a future release
    • The podman container runlabel command will now pull images not available locally even without the --pull option. The --pull option has been deprecated
    • The podman container checkpoint and podman container restore commands are now only available on OCI runtimes where they are supported (e.g. runc)

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/03/05/podman-release-v1.1.2.html b/release/2019/03/05/podman-release-v1.1.2.html index 418c82e5a..70ab0f183 100644 --- a/release/2019/03/05/podman-release-v1.1.2.html +++ b/release/2019/03/05/podman-release-v1.1.2.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Podman v1.1.2 Released

    · One min read

    podman logo

    Podman has gone 1.1.2!

    After releasing Podman v1.1.1 a number of bug fixes focusing on command line options and parsing were added. All the details follow!

    Changes

    Bugfixes

    • Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
    • Fixed a bug where the --label option to podman create and podman run was missing the -l alias
    • Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir #2408
    • Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output #2500
    • Fixed a bug where the podman cp command would automatically extract .tar files copied into the container #2509

    Misc

    • The podman container stop command is now usable with the Podman remote client

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/04/10/podman-release-v1.2.0.html b/release/2019/04/10/podman-release-v1.2.0.html index cff91e403..6e205642a 100644 --- a/release/2019/04/10/podman-release-v1.2.0.html +++ b/release/2019/04/10/podman-release-v1.2.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.2.0 Released

    · 2 min read

    podman logo

    Welcome to Podman 1.2.0!

    Podman 1.2.0 has been released, featuring many exciting new features and fixes for numerous bugs. With 1.2.0, Podman added support for container healthchecks, an events system, and a way to view image layers as a tree. Over 30 bugs were fixed in this new release, including numerous issues with rootless Podman. We also upgraded the version of Buildah driving podman build from v1.7 to v1.7.2, picking up numerous fixes.

    Our new Podman release includes support for container healthchecks. Healthchecks provide additional information on container status, running checks defined by the image or user to verify that the application in a container is working properly. Any containers with healthchecks defined will run them automatically, and their status can be checked with podman inspect. The podman healthcheck run command can also be used to manually trigger a healthcheck.

    Podman also added a new command, podman events, that can be used to view major lifecycle events for containers, pods, and images as they occur. This command and its corresponding Varlink API can be used by tools which wish to check the overall status of the system, or check when a specific container starts or exits. A few example events are shown below:

    2019-04-11 15:49:45.490227772 -0400 EDT container attach 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:45.58978211 -0400 EDT container start 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:45.590526456 -0400 EDT container died 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)
    2019-04-11 15:49:46.363842802 -0400 EDT container remove 0765d56e25939f66aed5817dd10c5cbc69f177b2b4ef94ec302b8b67475e0a1a (image=quay.io/crio/alpine:latest, name=optimistic_franklin)

    The podman image tree command was also added. This command will print a tree representation of an image's layers. This can be used to easily identify an image's dependencies. An example with a simple multilayer image is shown below:

    Image ID: 4a3e4f2db0ac
    Tags:    [localhost/buildah-ctr:latest localhost/myimage:latest]
    Size:    598.1MB
    Image Layers
    ├──  ID: a13f3c019d29 Size: 274.9MB
    ├──  ID: 6ae7c90cc44a Size: 323.2MB
    └──  ID: 610298fe2990 Size: 1.024kB Top Layer of: [localhost/buildah-ctr:latest localhost/myimage:latest]

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/05/10/podman-release-v1.3.0.html b/release/2019/05/10/podman-release-v1.3.0.html index 28939736b..556f70c95 100644 --- a/release/2019/05/10/podman-release-v1.3.0.html +++ b/release/2019/05/10/podman-release-v1.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.3.0 Released

    · 2 min read

    podman logo

    Welcome to Podman 1.3.0!

    Podman 1.3.0 has been released! We've focused firmly on stability with 1.3.0, fixing over 25 bugs and making major changes to improve the stability of rootless Podman and Podman volumes. This release also includes a number of new features, including the podman generate systemd command to generate unit files to manage Podman containers, and the --restart flag for podman run and podman create to restart containers on error. We also picked up a fresh version of Buildah, 1.8.2, including numerous fixes and improvements for podman build.

    The biggest new features in Podman 1.3.0 are for managing container restart. The --restart flag allows Podman to restart containers when they exit, and the podman generate systemd command makes unit files so you can leverage systemd to manage container lifecycle. These commands seem very similar, but are very different in practice. The --restart flag is much simpler, but more limited - it restarts containers when they exit, but cannot deal with a system restart or dependencies between containers. If you need access to these more advanced features, podman generate systemd will allow you to manage your containers via systemd, leveraging all of its service management capabilities.

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    - + \ No newline at end of file diff --git a/release/2019/08/14/podman-release-v1.5.0.html b/release/2019/08/14/podman-release-v1.5.0.html index 63b8f58d8..5ee50e2b6 100644 --- a/release/2019/08/14/podman-release-v1.5.0.html +++ b/release/2019/08/14/podman-release-v1.5.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.5.0 Released

    · 2 min read

    podman logo

    Podman has gone 1.5!

    Podman 1.5.0 has been released! We’ve made major improvements to podman exec, podman generate kube, and rootless containers in this release. Stability has also been a focus, and we’ve fixed over 30 bugs and several performance issues. The new 1.5.0 release is available for Fedora and Ubuntu right now!

    With this new release, Podman has picked up a number of improvements to core container functionality. The podman exec command has been completely reworked, including improved handling for attaching to containers. Expect to see more work on exec in future releases. CGroups have also seen major work, with support for CGroup namespaces via the --cgroupns flag to podman create and podman run, and support for CGroups v2 when using the crun OCI runtime - more details here. The podman generate kube command has also been improved and now includes volumes mounted into containers. Finally, we’ve addressed several memory leaks and other performance issues, and Podman should be much more responsive on systems under high load.

    Rootless containers have also been improved, featuring improved handling for privileged containers and the ability to use container health checks. Podman now has experimental support for running rootless containers with a single UID and GID using the new ignore_chown_errors storage option. This allows Podman to be run without the newuidmap and newgidmap binaries, and removes the need for any elevated privileges to start rootless containers. This approach is more limited (but more secure) than normal rootless containers.

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here.

    - + \ No newline at end of file diff --git a/release/2020/01/08/podman-release-v1.7.0.html b/release/2020/01/08/podman-release-v1.7.0.html index 5f5dacd30..a0a3affc4 100644 --- a/release/2020/01/08/podman-release-v1.7.0.html +++ b/release/2020/01/08/podman-release-v1.7.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.7.0 Released

    · 2 min read

    podman logo

    Podman 1.7 has been released!

    Podman v1.7.0 has been released, including many new features and numerous bugfixes. It features improvements to networking, podman play kube, and systemd unit file integration. We’ve also added the podman system reset command, to remove all existing containers, pods, images, and volumes and reset the system to its initial state. Stability has not been neglected, and this release features almost 60 bugfixes, including major fixes for podman rm, podman exec, and volumes.

    This new release features improved support for host networking via the CNI macvlan plugin which allows containers to connect directly to networks the host is connected to. The podman network create command can now create macvlan configs via the --macvlan flag. Containers can also set static MAC addresses. The podman play kube command has also been updated to respect security settings, including user/group, SELinux configuration, and Seccomp profiles. Podman now creates a cgroup namespace by default on systems using cgroups v2, improving container isolation. We’ve made major improvements for running Podman in a systemd service. These changes (and how to use them) are detailed elsewhere in a blog.

    As always, please visit our page on GitHub to see the full changelog.

    You can find instructions for installing Podman here.

    - + \ No newline at end of file diff --git a/release/2020/04/17/podman-release-v1.9.0.html b/release/2020/04/17/podman-release-v1.9.0.html index b9644e0a9..df54faa4b 100644 --- a/release/2020/04/17/podman-release-v1.9.0.html +++ b/release/2020/04/17/podman-release-v1.9.0.html @@ -12,13 +12,13 @@ - +

    Podman v1.9.0 Released

    · 2 min read

    podman logo

    Podman 1.9 has been released!

    Podman 1.9.0 has been released, featuring initial support for the new containers.conf configuration file, the ability to dynamically allocate user namespaces, and many improvements to the HTTP API.

    The containers.conf configuration file (documentation here) is the eventual replacement for our old configuration file, libpod.conf. It contains everything that file had, but also a large number of container-specific configuration settings, including the ability to add volume mounts, environment variables, DNS servers, and much more by default in new containers. As support is still in the early stages, we do not presently provide a default containers.conf, but expect to find one in future releases! The containers.conf file is also shared between Podman and Buildah, and sets defaults for both.

    Podman continues to push the boundaries of containers and security. Podman has a new experimental feature to dynamically allocate user namespaces for containers run as root with the --userns=auto flag. This option causes Podman to allocate unique user namespaces for each container it creates, dynamically sized based on the number of UIDs in the image. With this option, it is trivial to run containers in separate user namespaces, greatly improving isolation.

    We expect that Podman 1.9.0 will be the last minor release before Podman 2.0. Podman 2.0 will feature a number of major architectural changes to better support the new HTTP API, and will allow Podman to be used locally, as it is today, or remotely, against a Podman HTTP service, with the same executable. More details here.

    - + \ No newline at end of file diff --git a/release/2020/10/05/podman-release-v2.1.0.html b/release/2020/10/05/podman-release-v2.1.0.html index e0bf1ce59..62eaebaf5 100644 --- a/release/2020/10/05/podman-release-v2.1.0.html +++ b/release/2020/10/05/podman-release-v2.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v2.1.0 Released

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/2020/12/14/podman-release-v2.2.0.html b/release/2020/12/14/podman-release-v2.2.0.html index 2981b8d9b..0eaf55f23 100644 --- a/release/2020/12/14/podman-release-v2.2.0.html +++ b/release/2020/12/14/podman-release-v2.2.0.html @@ -12,13 +12,13 @@ - +

    Podman v2.2.0 Released

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/2021/02/11/podman-release-v3.0.0.html b/release/2021/02/11/podman-release-v3.0.0.html index cbbea1fcb..12655c759 100644 --- a/release/2021/02/11/podman-release-v3.0.0.html +++ b/release/2021/02/11/podman-release-v3.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.0.0 Released

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    - + \ No newline at end of file diff --git a/release/2021/04/02/podman-release-v3.1.0.html b/release/2021/04/02/podman-release-v3.1.0.html index 8a42ec558..6501b5880 100644 --- a/release/2021/04/02/podman-release-v3.1.0.html +++ b/release/2021/04/02/podman-release-v3.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.1.0 Released

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2021/08/31/podman-release-v3.3.0.html b/release/2021/08/31/podman-release-v3.3.0.html index 070e8d3de..feaa62253 100644 --- a/release/2021/08/31/podman-release-v3.3.0.html +++ b/release/2021/08/31/podman-release-v3.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v3.3.0 Released

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2022/02/22/podman-release-v4.0.0.html b/release/2022/02/22/podman-release-v4.0.0.html index 293bd5257..18e913029 100644 --- a/release/2022/02/22/podman-release-v4.0.0.html +++ b/release/2022/02/22/podman-release-v4.0.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.0.0 Released

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    - + \ No newline at end of file diff --git a/release/2022/05/09/podman-release-v4.1.0.html b/release/2022/05/09/podman-release-v4.1.0.html index ea73bc1e7..bc52659d6 100644 --- a/release/2022/05/09/podman-release-v4.1.0.html +++ b/release/2022/05/09/podman-release-v4.1.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.1.0 Released

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    - + \ No newline at end of file diff --git a/release/2022/08/17/podman-release-v4.2.0.html b/release/2022/08/17/podman-release-v4.2.0.html index aeeba29f9..e84deae2f 100644 --- a/release/2022/08/17/podman-release-v4.2.0.html +++ b/release/2022/08/17/podman-release-v4.2.0.html @@ -12,14 +12,14 @@ - +

    Podman v4.2.0 Released

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    - + \ No newline at end of file diff --git a/release/2022/09/28/updated-1.2.0.html b/release/2022/09/28/updated-1.2.0.html index 89c4c00dd..5b978b1e6 100644 --- a/release/2022/09/28/updated-1.2.0.html +++ b/release/2022/09/28/updated-1.2.0.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    Netavark and Aardvark-dns 1.2.0 released

    · One min read

    Netavark and Aardvark-dns v1.2.0 has been released!

    The underlying network components for Podman have been updated. This consists of two projects:

    • Netavark - network configuration tool for Podman
    • Aardvark-dns - container domain name resolution server for Podman containers

    Release v1.2.0 resolves a handful of edge case bugs that were found and reported. In addition, many of the libraries used by the projects were updated.

    - + \ No newline at end of file diff --git a/release/2022/10/22/podman-release-v4.3.0.html b/release/2022/10/22/podman-release-v4.3.0.html index 9332f951e..b5f7a5685 100644 --- a/release/2022/10/22/podman-release-v4.3.0.html +++ b/release/2022/10/22/podman-release-v4.3.0.html @@ -12,13 +12,13 @@ - +

    Podman v4.3.0 Released

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    - + \ No newline at end of file diff --git a/release/archive.html b/release/archive.html index 76b65ddfb..b468ad9a5 100644 --- a/release/archive.html +++ b/release/archive.html @@ -12,13 +12,13 @@ - +

    Archive

    Archive

    2018

    2019

    2020

    2021

    2022

    - + \ No newline at end of file diff --git a/release/page/2.html b/release/page/2.html index 9f6ef479e..118bbfda5 100644 --- a/release/page/2.html +++ b/release/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/page/3.html b/release/page/3.html index 29adfe485..76c15d05f 100644 --- a/release/page/3.html +++ b/release/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags.html b/release/tags.html index e9fe03b3e..d743def73 100644 --- a/release/tags.html +++ b/release/tags.html @@ -12,13 +12,13 @@ - +

    Tags

    - + \ No newline at end of file diff --git a/release/tags/community.html b/release/tags/community.html index da6d85e7d..66b93d692 100644 --- a/release/tags/community.html +++ b/release/tags/community.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "community"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/tags/community/page/2.html b/release/tags/community/page/2.html index dfa179df1..b2b6d7cd9 100644 --- a/release/tags/community/page/2.html +++ b/release/tags/community/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/tags/community/page/3.html b/release/tags/community/page/3.html index 3423929dd..40d909db0 100644 --- a/release/tags/community/page/3.html +++ b/release/tags/community/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "community"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags/hpc.html b/release/tags/hpc.html index a087de75b..b7b1436ac 100644 --- a/release/tags/hpc.html +++ b/release/tags/hpc.html @@ -12,14 +12,14 @@ - +

    8 posts tagged with "hpc"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/tags/kubernetes.html b/release/tags/kubernetes.html index 0d5e29d92..9b2fbd625 100644 --- a/release/tags/kubernetes.html +++ b/release/tags/kubernetes.html @@ -12,14 +12,14 @@ - +

    8 posts tagged with "kubernetes"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    - + \ No newline at end of file diff --git a/release/tags/open-source.html b/release/tags/open-source.html index a6fb5ceb9..2f7940f23 100644 --- a/release/tags/open-source.html +++ b/release/tags/open-source.html @@ -12,14 +12,14 @@ - +

    25 posts tagged with "open source"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    · 2 min read

    podman logo

    Podman 1.9 has been released!

    Podman 1.9.0 has been released, featuring initial support for the new containers.conf configuration file, the ability to dynamically allocate user namespaces, and many improvements to the HTTP API.

    The containers.conf configuration file (documentation here) is the eventual replacement for our old configuration file, libpod.conf. It contains everything that file had, but also a large number of container-specific configuration settings, including the ability to add volume mounts, environment variables, DNS servers, and much more by default in new containers. As support is still in the early stages, we do not presently provide a default containers.conf, but expect to find one in future releases! The containers.conf file is also shared between Podman and Buildah, and sets defaults for both.

    Podman continues to push the boundaries of containers and security. Podman has a new experimental feature to dynamically allocate user namespaces for containers run as root with the --userns=auto flag. This option causes Podman to allocate unique user namespaces for each container it creates, dynamically sized based on the number of UIDs in the image. With this option, it is trivial to run containers in separate user namespaces, greatly improving isolation.

    We expect that Podman 1.9.0 will be the last minor release before Podman 2.0. Podman 2.0 will feature a number of major architectural changes to better support the new HTTP API, and will allow Podman to be used locally, as it is today, or remotely, against a Podman HTTP service, with the same executable. More details here.

    - + \ No newline at end of file diff --git a/release/tags/open-source/page/2.html b/release/tags/open-source/page/2.html index 5a8cf9449..31687dcb0 100644 --- a/release/tags/open-source/page/2.html +++ b/release/tags/open-source/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    - + \ No newline at end of file diff --git a/release/tags/open-source/page/3.html b/release/tags/open-source/page/3.html index 5b648cd53..5891f4b46 100644 --- a/release/tags/open-source/page/3.html +++ b/release/tags/open-source/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    25 posts tagged with "open source"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file diff --git a/release/tags/podman.html b/release/tags/podman.html index 04a20be75..ecf30323f 100644 --- a/release/tags/podman.html +++ b/release/tags/podman.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "podman"

    View All Tags

    · 3 min read

    podman logo

    Podman 4.3.0 is now available! There’s a lot to be excited about, including numerous new features, over 30 bug fixes, and many other improvements. A major focus of 4.3 has been on improving Docker compatibility, including the addition of many missing options and aliases to Podman’s command line to further our efforts to make transitioning to Podman a seamless change. Podman’s integration with Kubernetes has also seen many improvements, including improved integration with systemd and support for automatic updates. Read on for more details and these changes and more!

    The Podman team made improved compatibility with Docker a priority for Podman 4.3. We audited Podman’s commands against the Docker command line tool to identify missing and unsupported options and then set to work adding and fixing differences. As part of these, we added a dozen new options to various Podman commands, with many of these being missing aliases for existing options. A new set of commands, podman context, have been added for compatibility with docker context. These are also aliases (for podman system connection commands), and will usually be hidden as they are only required for scripts originally written to use Docker. We have also removed a known incompatibility with Docker in Podman’s volume handling. Docker compatibility remains a focus for Podman, and we will continue our efforts to make migrating to Podman effortless.

    Podman’s Kubernetes integration also saw numerous changes, the biggest of which is the creation of the podman kube command. Previously, Kubernetes YAML was generated with podman generate kube and ran with podman play kube, but users found this confusing - it wasn’t immediately obvious from podman help that the commands existed. By moving the commands to podman kube generate and podman kube play and introducing a new command to tear down pods (podman kube down), we consolidated all Kubernetes commands in one easy-to-find place. The podman generate kube, and podman play kube commands will continue to work, but the new podman kube commands will be preferred.

    Of course, we didn’t stop at just renaming commands. We’ve made a number of further additions to podman kube play, most notably improved systemd integration. In Podman 4.2, we added podman-kube@.service to allow pods created with podman kube play to be managed with systemd. With Podman 4.3, we’ve improved this in two significant ways. First, pods using podman-kube@.service can now use sdnotify to verify to systemd that they have started. This laid the groundwork for the following major change: Pods from podman-kube@.service now support Podman’s auto-updated mechanism, enabled using an annotation (io.containers.auto-update). Furthermore, we made several improvements to podman kube play, including support for emptyDir volumes, support for user namespaces via HostUsers, and support for binary data in ConfigMaps.

    These are just a few of the over 30 features and bug fixes included in Podman 4.3.0. Be sure to check out the release notes for more details!

    · 3 min read

    podman logo

    Podman v4.2.0 has been released!

    Podman 4.2.0, our latest release, is now available. Featuring dozens of new features, including support for the GitLab Runner, significant improvements to podman play kube, and pods in general. We’ve also been working on running Podman on Mac and Windows, with a number of major bug fixes and several new features for podman machine landing. We are also happy to announce an early release of Podman Desktop, a GUI tool for Podman. Read on for more details!

    Our new release now supports being used with the GitLab Runner as part of GitLab CI platforms, using the Docker executor. This has been the culmination of months of effort, and required squashing a number of bugs in our REST API. GitLab Runner has been a much-requested feature, and we’re eager to see what users do with it!

    As part of the 4.2.0 release, we have made many changes to both Podman pods and the podman play kube command. Pods now have early support for resource limits, allowing CPU and memory use for a pod to be limited. All containers in the pod will share this limit but can still set their own limits. Pods can also be cloned now via the new podman pod clone command. Support for YAML in play kube has also been improved, with additional support for security context settings and the ability to use BlockDevice and CharDevice volumes.

    systemd integration with podman play kube has been introduced. Pods launched by podman play kube can be managed by systemd, using the new podman-kube@.service service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the my.yaml file managed by systemd.

    Several other features and changes also landed in Podman v4.2.0. Early support for Sigstore signatures is now available in podman push and podman manifest push - expect more in this area in the future as we further integrate Sigstore and Podman. Podman networks can now be isolated (preventing traffic from being sent to other Podman-managed networks) with the --opt isolate= option to podman network create.

    These are just a few of the 40 new features and 50 bug fixes included in Podman 4.2.0. Be sure to check out the release notes for more details!

    Along with the release of Podman 4.2.0, a new version of Podman Desktop is available. If you are not yet aware of Podman Desktop, it’s a new project under the container organization to help developers work with containers in their local environment with a desktop UI. Podman Desktop is still in its early days. Still, it already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies). An early adopter program has also been set up. Feel free to sign up if you are interested in testing Podman Desktop, providing feedback, and speaking about your ideas, experiences, and pain points! If you are interested in contributing to the tool, your help would also be appreciated. Feel free to investigate the project’s Github.

    · 3 min read

    podman logo

    Podman v4.1 has been released!

    The new Podman v4.1.0 release is now available. This release is all about new features, with some of the most exciting being improved support for running on Mac and Windows, and adding support for Docker Compose v2.0. These are just the beginning, though, as this release also includes the ability to clone containers, significant improvements to checkpointing, and over 25 bug fixes. Read on for more details!

    Podman’s support for running on Mac and Windows via podman machine has seen a number of major improvements, chief among them support for mounting the host machine’s home directory into the podman machine VMs by default. Also, on Windows, you can now refer to arbitrary Windows drive paths in your volume mount expressions. This allows containers run by Podman to use mounts from the host, an often-requested feature. Additionally, we’ve added a podman machine inspect command to inspect existing VMs, and support for modifying the CPU, memory, and disk limits of existing VMs using the podman machine set command. Support for non-Linux operating systems continues to be one of our main focuses, and we’re committed to improving our user experience here - stay tuned for more details!

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1, but the rewritten Compose v2 required further work in Podman to support. Please note that it may be necessary to disable the use of the BuildKit API by setting the environment variable DOCKER_BUILDKIT=0; we’re looking into improving our Buildkit support in the future, so this is not necessary.

    There are numerous other changes and improvements to all parts of Podman packed into this release. We’ve added several new commands, including podman volume mount and podman volume unmount (to allow easy copying of files to and from volumes without using them in a container) and podman container clone (creates a copy of an existing container, with the ability to change many settings while doing so). Checkpoint and restore have seen a major improvement with the ability to store checkpoints as OCI images, allowing them to be distributed via container registries. Finally, Podman has gone on a diet - we set out to reduce or eliminate many of our dependencies and managed to reduce our binary size by 8MB shaving off 15% of the original binary size. There are many more changes - too many to list all of them here - so be sure to check out the release notes!

    · 2 min read

    podman logo

    Podman v4.0 has been released!

    Podman v4.0.0, a brand-new major release, is now available. Podman 4.0 is one of our most significant releases ever, featuring over 60 new features. Headlining this release is a complete rewrite of the network stack for improved functionality and performance, but there are numerous other changes, including improvements to Podman’s Mac and Windows support, improvements to pods, over 50 bug fixes, and much, much more!

    Podman now features support for a new network stack based on Netavark and Aardvark, in addition to the existing CNI stack. The new stack features improved support for containers in multiple networks, improved IPv6 support, and improved performance. To ensure that we don’t break existing users, the old CNI stack will remain the default on existing installations, while new installs will use Netavark. We’re planning an in-depth dive into the networking changes in a future blog, so look forward to more details there!

    Support for Podman on Windows and OS X has also been a top priority, and we have made several major improvements for Podman 4.0. Chief among them is support for mounting the Podman API socket on the host system, allowing tools like Docker Compose to be used on the host system instead of inside the podman machine VM. Also, podman machine can now use WSL2 as a backend on Windows, greatly improving Podman’s support for Windows. More features, including support for volume mounts from the host, are planned for Podman v4.1, so stay tuned for more updates.

    Podman Pods have seen numerous new features added to allow sharing resources between containers in the pod. The --volume and --device options to the podman pod create command allows volumes and devices to be mounted to every container in the pod, and the --security-opt and --sysctl options allow these configurations to be set for every container in the pod. Again, these changes are just the beginning of what we have planned - eventually, we aim to have almost every option from podman run available to pods to allow easy sharing of configuration options among containers within them.

    These changes are just the tip of the iceberg - there’s far more packed into this release, including major updates to checkpoint and restore, improvements to podman generate systemd and podman play kube, and so much more. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.3 has been released!

    A new Podman release is available, featuring a number of exciting new features, including improved support for running Podman on OS X, support for restarting containers after a system restart, improved support for checkpointing and restoring containers, and 60 bug fixes and stability improvements. Read on for more details!

    Podman’s support for running on non-Linux operating systems via the podman machine command continues to improve in v3.3.0. When containers are run inside a virtual machine created by podman machine, port forwarding from the host to the container is now supported - that is, a container that forwards port 8080 on the host to port 80 in the container will now be accessible not just from port 8080 in the Podman-managed virtual machine, but also from port 8080 on the host system. Stability also continues to improve, with many fixes being made to both podman machine itself and the remote Podman client.

    Podman now supports restarting containers created with the --restart option after the system is rebooted. Containers created with --restart=always can be automatically started when the system boots if the podman-restart.service systemd unit is enabled. Our main focus continues to be on managing containers directly with systemd via podman generate systemd, which has always allowed containers to be automatically started after boot and provides greater flexibility than the --restart option, but the addition of podman-restart.service will be useful for those seeking improved compatibility with Docker. The podman generate systemd command also saw several improvements, and will not default to using SDNotify instead of PID files, producing smaller and easier-to-understand unit files.

    Support for checkpoint and restoring containers has seen several new additions, most notably the ability to checkpoint and restore containers that are part of pods. Additionally, when restoring containers, you can now alter what ports the container publishes via the --publish option. Together, these greatly increase the flexibility of checkpoint and restore.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 2 min read

    podman logo

    Podman 3.1 has been released!

    The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API. Read on for more details!

    Secrets support has been a frequent request for Podman, and 3.1.0 features the first step toward fulfilling it. Secrets add a way to easily add confidential data into containers, by having Podman-managed secret files, which can easily be added to containers. We have added a suite of new commands - podman secret create, podman secret ls, podman secret inspect, and podman secret rm - to manage these secrets, and a --secret flag to podman create and podman run to mount secrets into containers. Please note that the initial implementation of secrets does not encrypt secrets at rest - look for this in an upcoming release.

    Podman can now automatically change volume ownership to match the user a container is running as. The new :U mount option for volumes made with the -v flag to podman create and podman run will chown paths mounted into containers to ensure that the user in the container can access the volume. This is very useful with rootless containers, where the rootless user namespace can make it difficult to tell what user on the container will access a directory.

    The podman generate kube command can now generate PersistentVolumeClaim volumes for Podman named volumes attached to containers. These have been supported in podman play kube since v2.2.0, but until now, Podman has not been able to create YAML with these volumes. This important addition restores symmetry between generate kube and play kube.

    This release also includes numerous other changes, features, and fixes. Find out more in the release notes.

    · 3 min read

    podman logo

    Podman 3.0 has been released!

    This new major release features several exciting new features, including support for Docker Compose, improved security around image pulls by short name, improved networking support, and over 100 bug fixes. Podman v3.0 also features numerous improvements to our REST API and the Podman remote client.

    The headlining feature of Podman 3.0 is the addition of support for Docker Compose which can now run against the Podman REST API. There are no changes needed as Compose won’t even realize it’s using Podman. Compose is only supported when running Podman as root; we aim to support it with rootless Podman in a future release.

    Podman 3.0 also enables secure short name aliasing by default, a feature that debuted in experimental form in Podman 2.2. With short name aliasing enabled, every time a user-facing Podman process pulls an image by a short name for the first time (e.g. podman pull fedora), it will prompt to ask the user where they want to pull from. This removes several potential ways an attacker could manipulate where an image was pulled from to cause Podman to pull a malicious image.

    Podman networking has seen numerous fixes as part of Podman 3.0. We have added a new command, podman network reload, which recreates firewall rules for Podman containers. Previously, reloading the system firewall would render all containers running as root unusable until they were restarted; podman network reload fixes this. Networks created by podman network create also now support labels, and the podman network ls command can filter using these labels.

    Podman v3.0 includes the latest version of Buildah along with updates to our other container libraries. Buildah 1.19.2 includes many new features and fixes, including improved support for building multi-platform container images.

    Podman v3.0 also includes a fix for CVE-2021-20199. This is a security issue where rootless Podman would rewrite the source address on traffic from published ports to 127.0.0.1, which could cause an authentication bypass on certain images. We strongly suggest upgrading if you use rootless Podman.

    As part of 3.0, Podman has dropped support for the legacy Varlink API, which we deprecated in Podman 2.0. We recommend all users of the Varlink API upgrade to the new REST API.

    Dozens of other features, changes, and bug fixes are all included to improve stability, performance, and compatibility. These include numerous additional commands and options as well as API changes and fixes. You can read more here.

    · 2 min read

    podman logo

    Podman 2.2 has been released!

    Podman v2.2.0 has been released! Featuring numerous new features and over 80 bugfixes, the new Podman offers a number of often-requested features and improved stability. Read on for more details!

    Some of our most exciting new features include support for network aliases and the network connect and network disconnect commands. Network aliases are additional names that containers can be accessed through when using DNS. The network connect and network disconnect commands allow running containers to be added to and removed from networks. These have been frequent requests from users, and significantly improve our compatibility with Docker in networking.

    Podman 2.2 also comes with initial support for short name aliasing. This feature, explained more fully here, enhances the security of short names in the podman pull and podman run commands (e.g. podman pull ubi8) by ensuring that that the image we pull is actually the image the user wanted. This feature is purely opt-in for now but will be enabled by default in Podman 3.0.

    The podman generate kube and podman play kube commands also saw numerous improvements, most of which were provided by the community. Both generate kube and play kube now support resource limits for containers. We’ve also gained support for Kubernetes’ persistent volume claims and configmaps in podman play kube. We now offer increased control over the containers created by play kube as well, with a --start option (defaulting to true) controlling whether they are started immediately after being created, and the ability to set what log driver they use to improve the ability of podman play kube to integrate with systemd unit files.

    We’ve also added several other improvements. The --mount option to podman create and podman run can now mount a container image into a container using the type=image argument. Additionally, the podman inspect command now works with more objects (networks, pods, and volumes) instead of just containers and images. Finally, more Podman commands (podman mount, podman diff, podman container exists) can now work with Buildah and CRI-O containers, in addition to Podman containers.

    Numerous bug fixes to APIV2 to better support docker-compose and docker-py.

    · 2 min read

    podman logo

    Podman 2.1 has been released!

    Podman v2.1.0 has just been released! This is one of our largest releases ever, and features numerous new features, over 50 bugs fixed, and extensive work on the REST API. Read on for more details!

    Our biggest announcement is that rootless Podman now supports inter-container networking. Previously, it was impossible for rootless Podman containers to communicate directly with each other without using pods. Now, by joining rootless containers to a network, they can communicate with other containers in the same network in the same manner as containers running with full root privileges. This is a major improvement to rootless networking, and addresses one of the largest gaps between running Podman with and without root.

    We’ve also enabled a number of new features for images. Podman can now mount images (read-only) so their contents can be viewed without creating a container based on the image, using the podman image mount command. Additionally, podman save and podman load can now work with archives containing multiple images, instead of only one at a time. Finally, Podman’s pull logic has been reworked to retry pulling images when a pull fails due to network issues.

    The podman play kube command has also been a focus of attention. It now handles many additional options from Kubernetes YAML. These include support for new volume types (mounting sockets into your pods and setting volumes as read-only), setting restart policy for pods, adding entries to /etc/hosts, and many more. These features are available to anyone using podman generate kube as well.

    In addition, there are numerous small improvements. Volume mounts can now use the :O option to be created as overlay mounts - mounts where changes made by the container will not be propagated back to the host. Podman now supports setting the timezone of containers (using the --tz flag). The podman ps command now supports a --storage option which will display all containers on the system, even those not managed by Podman (e.g. Buildah and CRI-O containers).

    - + \ No newline at end of file diff --git a/release/tags/podman/page/2.html b/release/tags/podman/page/2.html index ef7a6d651..fb91514c6 100644 --- a/release/tags/podman/page/2.html +++ b/release/tags/podman/page/2.html @@ -12,7 +12,7 @@ - + @@ -26,7 +26,7 @@ rootless Podman, adding short options to some of the existing command options, added --all-tags to the the pull command, further changes for rootless containers and more. All the details follow!

    Changes

    Features

    • Added --latest and --all flags to podman mount and podman umount
    • Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
    • Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf #2174
    • Added an alias -f for the --format flag of the podman info and podman version commands
    • Added an alias -s for the --size flag of the podman inspect command
    • Added the podman system info and podman system prune commands
    • Added the podman cp command to copy files between containers and the host #613
    • Added the --password-stdin flag to podman login
    • Added the --all-tags flag to podman pull
    • The --rm and --detach flags can now be used together with podman run
    • The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
    • Added the podman system renumber command to handle lock changes
    • The --net=host and --dns flags for podman run and podman create no longer conflict
    • Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:

    Bugfixes

    • Fixed a bug with podman inspect where different information would be returned when the container was running versus when it was stopped
    • Fixed a bug where errors in Go templates passed to podman inspect were silently ignored instead of reported to the user #2159
    • Fixed a bug where rootless Podman with --pid=host containers was incorrectly masking paths in /proc
    • Fixed a bug where full errors starting rootless Podman were not reported when a refresh was requested
    • Fixed a bug where Podman would override the config file-specified storage driver with the driver the backing database was created with without warning users
    • Fixed a bug where podman prune would prune all images not in use by a container, as opposed to only untagged images, by default #2192
    • Fixed a bug where podman create --quiet and podman run --quiet were not properly suppressing output
    • Fixed a bug where the table keyword in Go template output of podman ps was not working #2221
    • Fixed a bug where podman inspect on images pulled by digest would double-print @sha256 in output when printing digests #2086
    • Fixed a bug where podman container runlabel will return a non-0 exit code if the label does not exist
    • Fixed a bug where container state was always reset to Created after a reboot #1703
    • Fixed a bug where /dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases
    • Fixed a bug where Podman run as root was ignoring some options in /etc/containers/storage.conf #2217
    • Fixed a bug where Podman cleanup processes were not being given the proper OCI runtime path if a custom one was specified
    • Fixed a bug where podman images --filter dangling=true would crash if no dangling images were present #2246
    • Fixed a bug where podman ps --format {% raw %}"{{.Mounts}}"{% endraw %} would not display a container's mounts #2238
    • Fixed a bug where podman pod stats was ignoring Go templates specified by --format #2258
    • Fixed a bug where podman generate kube would fail on containers with --user specified #2304
    • Fixed a bug where podman images displayed incorrect output for images pulled by digest #2175
    • Fixed a bug where podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container #846
    • Fixed a bug where detaching from a container using the detach keys would cause Podman to hang until the container exited
    • Fixed a bug where podman create --rm did not work with podman start --attach
    • Fixed a bug where invalid named volumes specified in podman create and podman run could cause segfaults #2301
    • Fixed a bug where the runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable future
    • Fixed a bug where podman login would sometimes report it logged in successfully when it did not
    • Fixed a bug where podman pod create would not error on receiving unused CLI argument
    • Fixed a bug where rootless podman run with the --pod argument would fail if the pod was stopped
    • Fixed a bug where podman images did not print a trailing newline when not invoked on a TTY #2388
    • Fixed a bug where the --runtime option was sometimes not overriding libpod.conf
    • Fixed a bug where podman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error #2405
    • Fixed a bug where rootless podman export -o would fail #2381
    • Fixed a bug where read-only volumes would fail in rootless Podman when the volume originated on a filesystem mounted nosuid, nodev, or noexec #2312
    • Fixed a bug where some files used by checkpoint and restore received improper SELinux labels #2334
    • Fixed a bug where Podman's volume path was not properly changed when containers/storage changed location #2395

    Misc

    • Podman migrated to a new, shared memory locking model in this release. As part of this, if you are running Podman with pods or dependency containers (e.g. --net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details
    • Podman migrated to a new command-line parsing library, and the output format of help and usage text has somewhat changed as a result
    • Updated Buildah to v1.7, picking up a number of bugfixes
    • Updated containers/image library to v1.5, picking up a number of bugfixes and performance improvements to pushing images
    • Updated containers/storage library to v1.10, picking up a number of bugfixes
    • Work on the remote Podman client for interacting with Podman remotely over Varlink is progressing steadily, and many image and pod commands are supported
    • Added path masking to mounts with the :z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directory
    • The podman container runlabel command will not pull an image if it does not contain the requested label
    • Many commands' usage information now includes examples
    • podman rm can now delete containers in containers/storage, which can be used to resolve some situations where Podman fails to remove a container
    • The podman search command now searches multiple registries in parallel for improved performance
    • The podman build command now defaults --pull-always to true
    • Containers which share a network namespace (for example, when in a pod) will now share /etc/hosts and /etc/resolv.conf between all containers in the pod, causing changes in one container to propagate to all containers sharing their networks
    • The podman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missing

    As always, please visit our release notes on GitHub to see the full changelog.

    You can find instructions for installing Podman here

    · 3 min read

    podman logo

    Podman has gone 1.0!

    Our original goal with Podman was to provide a fully-featured debugging experience for CRI-O, but it has become so much more. Podman 1.0.0 is a fully-featured container engine. It provides a Docker-compatible command line to ease the transition from other container engines. Most Podman commands can be run as a regular user, without requiring additional privileges. Furthermore, all of this is accomplished without a daemon!

    · 2 min read

    podman logo

    Podman Release 0.12.1.1

    We're happy to announce the availability of Podman 0.12.1.1, our latest version. We've been very busy over the last month, and it shows! We've merged over 150 new commits since our 0.11 releases, including major new functionality and several critical bugfixes. Pods, Kubernetes compatibility, and container volumes all saw major improvements.

    We hope everyone enjoys the release, and stays with us in the future as Podman gets closer to 1.0. As always, many thanks to everyone who contributed to this release!

    - + \ No newline at end of file diff --git a/release/tags/podman/page/3.html b/release/tags/podman/page/3.html index d62a18a01..7c2144d68 100644 --- a/release/tags/podman/page/3.html +++ b/release/tags/podman/page/3.html @@ -12,7 +12,7 @@ - + @@ -20,7 +20,7 @@

    26 posts tagged with "podman"

    View All Tags

    · 2 min read

    podman logo

    Podman release 0.8.3

    Our release this week was very smooth. It seems like between CI infrastructure stability, last minute pull requests, and sometimes just plain bad luck, something always gives us trouble on Friday’s. The Fedora packages are created and I see that they are getting their karma and working through the process already.

    By the way, we moved! Our new upstream location is https://github.com/containers/podman. It seems to be a more natural fit for our project and more closely associates us with some of our sister projects.

    · 2 min read

    podman logo

    Podman release 0.7.2

    As most weeks are, this was fast and furious. You will see hand fulls of significant features below that have been added to podman this week. All of it is awesome work from the core team and its contributors. There were also two interesting features that users will be interested in: the ability to create a container with multiple networks and the podman remote client.

    · 2 min read

    podman logo

    Podman release 0.7.1

    Last week was a busy holiday week here in the United States, but we still managed a nice release full of interesting merges.

    Many of the significant merges are going to be less than noticeable to users. A lot of updated vendor code was added as well as the removal of unused functions due to cgroups and platform changes.

    · 3 min read

    podman logo

    Podman release 0.6.4

    This afternoon we were able to overcome some last minute bugs and release a new Podman. The packages are building in Fedora and will work their way through Fedora’s bodhi system. For giggles, I looked at the number of individual contributors this week and was glad to see the number at 10.

    Mainly bugfixes this week, one big one was that we do a better job cleaning up containers that run in the back ground.

    · 2 min read

    podman logo

    Podman release 0.6.1

    It seems that when we have a short work week here in the US, we have rather large releases. To me, that flies in the face of logic. Speaking of which, one particular milestone was reached this week … We had our 1000th commit in Podman!

    That is particularly special, because prior to this repository, all libpod work was being done within the CRI-O repository. So the 1000 commits is in actuality since we broke apart from CRI-O. I want to recognize all the contributors who have been helping us along way. Great job! ##Other notable items in the release:

    - + \ No newline at end of file